Chapter 11. Incident Response
In the event that the security of a system has been compromised, an incident response is necessary. It
is the responsibility of the security team to respond to the problem quickly and effectively.
11.1. Defining Incident Response
Incident response is simply an expedited response to an issue or occurrence. Pertaining to Information
Security, an example would be a hacker who has penetrated a firewall and is currently sniffing
internal network traffic. The incident is the breach of security. The response depends upon how the security
team reacts, what they do to minimize damages, and when they restore resources, all the while
attempting to guarantee data integrity.
Think of your organization and how almost every aspect of it relies upon technology and the computer
systems. If there is a compromise, think of the potentially devastating results. Besides the obvious system
downtime and theft of data, there could be data corruption, identity theft (from online personnel
records), and embarrassing publicity or even financially devastating publicity as customers and business
partners learn and react to news of such a compromise.
Research on past security breaches (both internal and external) shows that companies can potentially
be run out of business as a result of a breach. At minimum, a breach can result in resources being
unavailable and data stolen or corrupted. But one cannot overlook issues that are difficult to calculate
financially, such as bad publicity. An organization must calculate the cost of a breach and how it will
detrimentally affect the organization, both in the short and long term.
11.2. Creating an Incident Response Plan
It is very important that an incident response plan is formulated, supported throughout the organization,
put into action, and regularly tested. A good incident response plan that is thoroughly tested
and acted upon quickly may minimize the effects of a breach. Furthermore, it may even reduce the
negative publicity and focus attention on quick reaction time.
From a security team perspective, it does not matter whether a breach occurs (as such occurrences are
an eventual part of doing business using an untrusted carrier network such as the Internet), but rather,
when a breach will occur. Do not think of a system as weak and vulnerable; realize that given enough
time and resources, someone, somewhere, some day, will breach even the most security-hardened
system or network.
The positive aspect of realizing the inevitability of a system breach is that it allows the security team
to develop a course of action that minimizes any potential damage. Combining a course of action with
expertise allows the team to respond to adverse conditions in a formal and responsive manner.
The incident response plan can be separated into four sections:
Immediate Response
Investigation
Restoring
Reporting
Incident response must be decisive and executed quickly. There is little room for error in most cases,
and by staging practice emergencies and measuring response times it is possible to develop a method 





