Incident management is a corrective control invoked by a detective control. Sadly, organizations too often learn of most breaches (confirmed incidents) "when they receive notification from a law enforcement agency, the card brands, or another third party" 68 and not through the organization's own monitoring.
PCI DSS covers the creation of an incident response plan that is ready "to respond immediately to a system breach". See Requirement 12.10.* for detailed requirements.
- Section 3.8.3 of volume 3
- PCI SSC - Responding to a Data Breach (September 2015)