What is an incident, the IR lifecycle (detection through recovery), alert triage, true/false positives.