7 Phases of Incident Response



Incident Response: Sensitive data and confidential information are the new gold of the digital age, and cyber criminals are always in pursuit of this goldmine.

To streamline the process and make sure no step is skipped, many practitioners break incident response into seven phases.

The Seven Stages of Incident Response

1. Preparation

Preparation is key. It covers deciding what counts as the start of an incident, how you will recover and get everything back to normal, and writing down the security policies you will rely on, including but not limited to:

  • user privacy expectations
  • established incident notification processes
  • the development of an incident containment policy
  • creation of incident handling checklists
  • ensuring the corporate disaster recovery plan is up to date

2. Identification

Ideally, monitoring and alerting tools will detect an incident and inform your team before your customers notice anything, though sometimes the first sign is a customer support ticket.

No matter how the incident is detected, your first step should be to record that a new incident is open in your incident tracking tool, with the time it was detected, how it was detected and what is known so far, so every later action has a timeline to attach to.
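As an added example, not part of the original article, the detection-and-ticketing step in Python: a rule that flags repeated SSH login failures over constructed sshd-style log lines, opens an incident record with the detection time and evidence, and then moves that record through the remaining phases in order. The sample log lines, the threshold of five failures in two minutes and the incident ID format are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample log lines in sshd auth-log style; not taken from any real system.
SAMPLE_LOG = """\
2022-07-18T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2022-07-18T10:00:03 sshd[1203]: Failed password for root from 203.0.113.7 port 51024 ssh2
2022-07-18T10:00:04 sshd[1205]: Failed password for root from 203.0.113.7 port 51026 ssh2
2022-07-18T10:00:06 sshd[1207]: Failed password for root from 203.0.113.7 port 51028 ssh2
2022-07-18T10:00:07 sshd[1209]: Failed password for root from 203.0.113.7 port 51030 ssh2
2022-07-18T10:00:09 sshd[1211]: Accepted password for root from 203.0.113.7 port 51032 ssh2
2022-07-18T10:05:00 sshd[1300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
2022-07-18T10:30:00 sshd[1400]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Assumed detection rule: this many failures from one source IP inside the window.
THRESHOLD = 5
WINDOW = timedelta(minutes=2)

# A ticket is opened at Identification; Preparation happens before any incident exists.
PHASES = ["Identification", "Containment", "Eradication", "Recovery",
          "Lessons Learned", "Testing and Follow-Up"]


@dataclass
class Incident:
    id: str
    opened_at: datetime
    source_ip: str
    summary: str
    phase: str = "Identification"
    evidence: list = field(default_factory=list)  # raw log lines that triggered the ticket


def parse(line):
    """Return the fields of one auth-log line, or None if it is not a login event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "ip": m["ip"]}


def detect_incidents(log_text):
    """Sliding-window brute-force rule: open one incident per offending IP."""
    incidents = []
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    alerted = set()
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        q = failures[ev["ip"]]
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > WINDOW:   # drop failures outside the window
                q.popleft()
            if len(q) >= THRESHOLD and ev["ip"] not in alerted:
                alerted.add(ev["ip"])
                incidents.append(Incident(
                    id=f"INC-{len(incidents) + 1:04d}",
                    opened_at=ev["ts"],
                    source_ip=ev["ip"],
                    summary=f"{len(q)} failed SSH logins from {ev['ip']} "
                            f"within {int(WINDOW.total_seconds())}s",
                    evidence=[line],
                ))
        elif ev["ip"] in alerted:
            # A success right after the burst means the guessing may have worked: record it.
            inc = next(i for i in incidents if i.source_ip == ev["ip"])
            inc.summary += f"; followed by successful login as {ev['user']}"
            inc.evidence.append(line)
    return incidents


def advance(incident, to_phase):
    """Move an incident to the next phase only; skipping a phase is an error."""
    cur = PHASES.index(incident.phase)
    if PHASES.index(to_phase) != cur + 1:
        raise ValueError(f"cannot move {incident.id} from {incident.phase} to {to_phase}")
    incident.phase = to_phase
    return incident


if __name__ == "__main__":
    for inc in detect_incidents(SAMPLE_LOG):
        print(inc.id, inc.opened_at.isoformat(), inc.summary)
        advance(inc, "Containment")
        print("  now in phase:", inc.phase)
```

On the sample data the rule opens one incident for 203.0.113.7 at 10:00:07 and ignores the single failure from 198.51.100.4; the successful root login two seconds later is appended to the same ticket rather than opening a second one, which is the detail the containment team most needs to see first.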

3. Containment

The next step is limiting the impact of the attack. The containment strategy should already exist from the preparation phase, not be improvised under pressure.

Rather than wiping everything indiscriminately, weigh short-term actions (isolating affected hosts, blocking the attacker's addresses, disabling compromised accounts) against longer-term ones, and preserve evidence while you do so, so that containment neither destroys what you need for the investigation nor escalates the problem.

4. Eradication

Eradication is the process of actually removing the cause of the incident from your computer, system or network. It should begin only once containment is complete and the root cause is understood; otherwise you may clean a system the attacker can simply re-enter. There are two parts of eradication to keep in mind. The first is cleanup, which usually means running anti-malware tools, removing the malicious or compromised software, rebuilding the operating system from known-good media or replacing the drive, and rebuilding the affected parts of the network.

The second is notification. Notification always includes the relevant personnel both above and below the incident response team manager in the reporting chain.

5. Recovery

After analyzing the incident and eradicating the immediate threat, it is time to restore systems and return to normal operations. The length of this phase, and the effort it requires, depends on the extent of the damage. Restore from backups that have been verified clean, and monitor restored systems closely for any sign that the attacker still has a foothold.

6. Lessons Learned

Having been through a breach, you will have learned things that help you avoid a repeat. During this phase you reflect on and evaluate how the incident was handled: whether the team acted with precision and agility, and whether the decisions taken along the way were the right ones.

7. Testing and Follow-Up

Most incident response plans wrap up with a final phase dedicated to testing and follow-up. This is the best opportunity for IT staff to ask questions and give feedback, and it is when the incident reports are produced and delivered.

This is also why you need to continually test and rehearse your incident response plan, looking for the gaps and weak points that criminals may try to exploit next time.


July 18th, 2022 | Security Advisory, Security Update, Tips

About the Author: FirstHackersNews
