==
Home » Uncategories » 6 STEPS OF INCIDENT RESPONSE

6 STEPS OF INCIDENT RESPONSE

6 STEPS OF INCIDENT RESPONSE

  1. Preparation. Advanced preparation is important when planning for a potential incident. Policies and procedures should be known and tested by management and all personnel to ensure that the recovery and remediation process will quickly address any and all incidents in a timely manner, resulting in the least amount of damage. Do you have the necessary tools and training to handle incidents before they actually occur?
  2. Detection & Identification. After the incident occurs, it’s important to ask yourself a number of questions. What kind of incident has occurred? Data theft? Insider threat? Network attacks? Once you’ve identified the type of incident that has occurred, it’s important to determine the severity of the incident in order to choose the best course of action according to your predetermined Incident Response Policy and Procedures. Are there any safety concerns for personnel that need to be considered? Has there been loss or exposure of data? Were any laws or contracts violated? What is the size of the impact area?
  3. Containment. In order to limit the impact of an incident, the containment phase of incident response is critical. Have the right people in your organization been notified? The faster the response time, the more likely it will be that you can reduce the damage of the particular incident. This may mean isolating the infected or compromised area to determine the best way to handle recovery. Do you have the right tools and personnel needed to handle the task?
  4. Remediation. At this stage, it’s time to resolve the issue and remove any malicious code, threat, personnel responsible for the incident, etc. Forensic analysis should be completed and logs kept throughout the remediation process. Will backups need to be implemented? What information security weaknesses need to be addressed at this time?
  5. Recovery. At this point, it’s time to get things back up and running and be sure that all company policies and procedures are effectively being implemented. Continuous, ongoing monitoring is important following remediation of an incident to be certain that it has been fully resolved and nothing threatening is lingering in your network. Continuous monitoring will also detect any suspicious behavior going forward.
  6. Lessons Learned. Compiling a detailed report of what happened and what was done as corrective measures is a good step towards ensuring the same incident will not occur again. Why did it happen? What could have prevented it? Does your security posture need to be updated to ensure similar incidents won’t happen in the future? Who does this information need to be shared with in order to make any necessary change to your security posture?
When it comes to securing and protecting your business, preparation is equally important as prevention. Don’t be surprised by an unexpected security incident. Develop and implement an “Incident Response Plan.” Then, train your employees on what needs to be done to protect your business in the aftermath of an incident, and you will be able to reduce, minimize, and address damage caused by an unfortunate event.
Admin

Pro Teknologi dibuat pada 22 Februari 2017. Blog ini adalah harapan saya agar dapat membagi manfaat kepada orang lain,berupa tips-tips Seputar Blog,Internet,Komputer,dan Info-Info Menarik lainnya.

0 Response to "6 STEPS OF INCIDENT RESPONSE"

Post a Comment

Subscribe to: Post Comments (Atom)