When there is a security breach or a computer incident, a good way to address and manage it is through an organized method referred to as incident response. The objective of incident response is to manage the situation in a way that limits the damage and reduces costs and recovery time. Incident response includes a policy that serves as a guideline for determining the kind of incident and provides the procedures to follow to resolve it when an incident occurs.
The organization’s incident response is made up of the computer incident team, security and IT staff, and representatives from the legal, human resources and public relations departments.
The SANS (SysAdmin, Audit, Network and Security) Institute, a world-class security operations center, has drawn on its experience in handling computer incidents to offer these steps for addressing an incident effectively.
One of an organization’s main tasks is preparing its users and IT staff: educating them on the importance of security measures and training them to respond to computer and network security incidents quickly and properly.
Creating an incident response team is necessary; the group’s task is to determine whether an incident is a security threat and to act on it. As soon as the team confirms that it is a security incident, they can contact the CERT (Computer Emergency Response Team) Coordination Center, which tracks internet security activity and has current information on viruses and worms.
The team then determines how far the problem has spread across the systems and devices and contains the spread by disconnecting the affected areas to prevent further damage.
As soon as the team finds the origin of the incident, the root cause and all traces of the malicious code are removed.
After the root cause and traces of the malicious code are eradicated, the data and software are restored from clean backup files, making sure that no vulnerabilities remain and that systems are monitored for any sign of recurrence.
Before the team reports on the incident, they first analyze it, so that the report reflects how they handled the incident, what they recommend to prevent a recurrence, and how to respond if another incident arises.
Creating an incident response team within the organization is effective if the IT staff can qualify for and fill the roles of incident responders and security operations center analysts. For big corporations, security measures are of such prime importance that some would rather outsource to reputable security service providers or contract incident specialists.
Most organizations use a mix of an in-house incident team collaborating with outsourced security analysts. Whatever the mix, it is still vital that the organization require global security standard training for its in-house incident response team from a reputable security provider.