Incident Response is an organized approach to addressing…
In case of a security breach or attack, Incident Response offers an organized approach to disaster management.
From containing the problem to recovering valuable data, recommendations will ensure a preventative approach to a company's digital security in the future.
THE SANS INSTITUTE'S SIX-STEP GUIDE TO HANDLING AN INCIDENT:
PREPARATION – Educate users and IT staff on the importance of updated security measures and train them to respond to computer and network security incidents quickly and correctly.
IDENTIFICATION – The response team is activated to decide whether a particular event is, in fact, a security incident.
CONTAINMENT – The team determines how far the problem has spread and contains the problem by disconnecting all affected systems and devices to prevent further damage.
ERADICATION – The team investigates to discover the origin of the incident. The root cause of the problem and all traces of malicious code are removed.
RECOVERY – Data and software are restored from clean backup files, ensuring that no vulnerabilities remain.
LESSONS LEARNED – The team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence.