Incident Response

A security incident is an adverse event or series of events that negatively affects, or has the potential to negatively affect, the confidentiality, integrity, or availability of an organization's data or systems. Incident response consists of several phases, which are discussed below:

Preparation:
This phase prepares personnel to respond to an incident. It includes establishing and maintaining an incident response plan and incident response procedures. It also includes establishing procedures to prevent incidents.

Identification:
Not all events are security incidents, so when a potential incident is reported, personnel take the time to verify whether it is an actual incident.

Containment:
After an incident has been identified, security personnel attempt to isolate or contain it. This might include quarantining a device or removing it from the network.

Eradication:
After the system has been isolated from the network, the components of the attack must be removed. For example, if an attack was launched from one or more compromised accounts, eradication would include deleting or disabling those accounts.

Recovery:
In this phase administrators return all affected systems to normal operation and verify that they are operating normally.

Lessons learned:
Finally, administrators or security personnel perform a lessons learned review so that the organization can modify its procedures or add new controls to prevent a recurrence of the event.
