Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
PICERL is the SANS six-phase incident response model: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned.
PICERL Definition: PICERL is the SANS six-phase incident response model: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned.
PICERL is a mnemonic for the six-phase incident response lifecycle taught by the SANS Institute: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. It provides a structured, repeatable workflow for handling security incidents from readiness through post-incident review. The model parallels the NIST incident response lifecycle but uses distinct, easy-to-remember phase names.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →