Information technology is completely secure when resources are utilized and accessed as intended under all circumstances. Through delegation, every entity manager assumes responsibility for maintaining an adequate control system that safeguards assets. However, information security managers are typically charged with responding to intrusions negatively impacting organizational information assets. Thus, security incursions transform information security managers into chief threat firefighters directing resources to extinguish security breach flames. To competently perform this security service, two critical incident response elements are necessary: information and organization.