Incident response (IR) is an organised process for dealing with security
incidents, breaches, and cyber threats. It covers logging, recording, and
resolving incidents, and it records what happened, when it occurred, what its
impact was, and what caused it. A well-defined incident response plan (IRP)
lets you recognise an attack quickly, minimise the harm, and lower the cost of
a cyber-attack, while identifying and fixing the root cause so that the same
attack cannot simply be repeated.
Step 1: Preparation
Preparation includes auditing the organisation's resources and assets to
establish what must be protected and what security is meant to achieve. It
also includes building an IR team, defining incident readiness procedures,
gathering the required tools, and training employees to secure their own
systems and accounts.
Step 2: Incident Recording and Assignment
The incident is first reported and recorded in this phase. This is where an
incident is identified, assigned to a handler, and given a proper incident
communication plan.
Step 3: Incident Triage
The discovered security incidents are examined, verified, classified, and
prioritised during this step. The team then analyses the compromised systems
to establish the type of attack, its severity, its target, its impact, how it
propagates, and any vulnerabilities it exploited.
Step 4: Notification
The team informs various stakeholders, including management, third-party
vendors, and clients, about the identified incident.
Step 5: Containment
This phase limits further harm by stopping the incident from spreading to
other organisational assets, for example by isolating affected hosts from the
network. Containment should preserve evidence: wiping or powering off a host
before Step 6 can destroy volatile data the investigation needs.
Step 6: Evidence Gathering and Forensics Analysis
The team gathers all available evidence and hands it to the forensics team for
investigation. Analysis reveals details such as the method of attack, the
vulnerabilities exploited, the security controls bypassed, the network devices
infected, and the applications compromised. Evidence should be hashed and its
custody recorded at the moment of collection so that it can later be shown to
be unaltered.
Step 7: Eradication
To prevent a recurrence of this type of incident, the team removes the root
cause of the incident and closes every attack vector it used.
Step 8: Recovery
After the causes of the incident have been removed, the team restores the
affected systems, services, resources, and data, verifying that what is
restored is clean, and works to keep disruption to the organisation's services
and business to a minimum.
Step 9: Post-Incident Activities
A final review is an important step in the incident handling and response
(IH&R) process. The incident needs further review and analysis before the
matter is closed. This includes incident documentation, an incident impact
assessment, reviewing and revising policies, closing the investigation, and
incident disclosure.
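As an added example that is not part of the original post, the following Python script models the mechanical parts of Steps 2, 3, 5 and 6 above: an incident record with timestamps, a triage priority derived from severity and asset criticality, phase transitions that cannot skip ahead (so recovery cannot start before eradication), and evidence that is SHA-256 hashed with a custody entry at collection and re-verified later. The priority matrix, the phase names, the incident identifier and the sample log line are assumptions chosen for illustration, not something the post prescribes.

```python
"""Incident record with triage priority, ordered phases and hashed evidence.
Added example, not the post's own code. Scoring weights, phase names and the
sample evidence bytes are assumptions chosen for illustration."""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Lifecycle phases in the order the post describes; transitions must move
# forward one step at a time.
PHASES = ["recorded", "triaged", "notified", "contained",
          "evidence_collected", "eradicated", "recovered", "closed"]


def now_iso() -> str:
    return datetime.now(timezone.utc).isoformat()


def triage_priority(severity: int, asset_criticality: int) -> str:
    """Assumed triage matrix: severity (1-4) x asset criticality (1-4)."""
    if not (1 <= severity <= 4 and 1 <= asset_criticality <= 4):
        raise ValueError("severity and asset_criticality must be 1..4")
    score = severity * asset_criticality
    if score >= 12:
        return "P1"
    if score >= 6:
        return "P2"
    if score >= 3:
        return "P3"
    return "P4"


@dataclass
class EvidenceItem:
    name: str
    sha256: str
    collected_by: str
    collected_at: str


@dataclass
class Incident:
    incident_id: str
    summary: str
    phase: str = "recorded"
    priority: Optional[str] = None
    log: List[Tuple[str, str, str]] = field(default_factory=list)
    evidence: List[EvidenceItem] = field(default_factory=list)

    def _note(self, text: str) -> None:
        self.log.append((now_iso(), self.phase, text))

    def advance(self, new_phase: str) -> None:
        """Move to the next phase only; skipping or going back is rejected."""
        cur = PHASES.index(self.phase)
        nxt = PHASES.index(new_phase)
        if nxt != cur + 1:
            raise ValueError(f"cannot go from {self.phase} to {new_phase}")
        self.phase = new_phase
        self._note(f"entered {new_phase}")

    def triage(self, severity: int, asset_criticality: int) -> str:
        self.priority = triage_priority(severity, asset_criticality)
        self.advance("triaged")
        self._note(f"priority {self.priority}")
        return self.priority

    def collect_evidence(self, name: str, data: bytes, collected_by: str) -> str:
        """Hash and record custody at collection time (Step 6 follows Step 5)."""
        if self.phase != "contained":
            raise ValueError("collect evidence after containment, before eradication")
        digest = hashlib.sha256(data).hexdigest()
        self.evidence.append(EvidenceItem(name, digest, collected_by, now_iso()))
        self._note(f"collected {name} sha256={digest[:16]}...")
        return digest


def verify_evidence(item: EvidenceItem, data: bytes) -> bool:
    """Re-hash at analysis time; a mismatch means the artefact was altered."""
    return hashlib.sha256(data).hexdigest() == item.sha256


# Constructed sample artefact standing in for a captured proxy log line.
SAMPLE_LOG = b"2024-01-01T00:00:00Z beacon to 203.0.113.7:443\n"


def run_demo() -> Incident:
    """Walk one hypothetical incident through every phase in order."""
    inc = Incident("INC-0001", "Suspected malware beacon from finance workstation")
    inc.triage(severity=3, asset_criticality=4)  # 12 -> P1
    inc.advance("notified")
    inc.advance("contained")
    inc.collect_evidence("proxy.log", SAMPLE_LOG, collected_by="analyst-1")
    inc.advance("evidence_collected")
    inc.advance("eradicated")
    inc.advance("recovered")
    inc.advance("closed")
    return inc


if __name__ == "__main__":
    for entry in run_demo().log:
        print(*entry)
```

The phase check in advance() is the point of the model: the post's steps are ordered, and a record that lets an analyst mark "recovered" before "eradicated" silently drops the control that prevents reinfection. Hashing at collection rather than at analysis is likewise what makes a later integrity claim meaningful.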
All in all, this process involves defining user policies, developing
protocols, building incident response teams, auditing organisational assets,
planning incident response procedures, obtaining management approval, incident
reporting, prioritisation, and managing the response. It also includes
establishing proper communication between the people responding to an
incident and guiding them to detect, analyse, contain, recover from, and
prevent incidents.
We hope this helps. If you have any suggestions or doubts, add a comment and
we will reply as soon as possible.