Incident classification categorizes incidents by type (malware, phishing, data breach, DoS) and severity (P1-P4 based on business impact) to determine response priority and resources.
P1 (Critical): active data breach, ransomware spreading, critical system down. P2 (High): limited breach, significant system impact. P3 (Medium): contained malware, policy violation. P4 (Low): suspicious email, minor policy violation. Classification drives IR playbook selection.