[{"Identifier":"CYB.100.010", "Activity":"Incident Analysis", "Description":"Analyze incidents for accurate and quick response in order to identify the scope and nature of the incident, the involved parties, the timeframe, the relationship of the incident to other activities, and available response strategies."}, {"Identifier":"CYB.100.020", "Activity":"Incident Correlation", "Description":"Correlate incidents for accurate and quick response in order to determine any interrelations, patterns, common intruder signatures, common targets, or exploitation of common vulnerabilities."}, {"Identifier":"CYB.100.030", "Activity":"Incident Reporting", "Description":"Report incidents to organizational management and coordinate with the appropriate external organizations or groups, in accordance with organizational and federal requirements, in order to broaden situational awareness."}, {"Identifier":"CYB.100.040", "Activity":"Incident Handling", "Description":"Establish incident response abilities and handle incidents efficiently and effectively, per the organization's incident response plan."}, {"Identifier":"CYB.100.050", "Activity":"Event Archive", "Description":"Store and make available all security event and incident reporting in a central and secure repository in order for data to be used as a source for any legal/law enforcement, situational awareness, incident correlation, or other incident analysis (including fusion analysis or retrospective analysis) that may be done."}]