CISSP: Incident Management
Introduction
In the IT industry, incident management is the management of activities to detect, analyze, respond to, and correct an organization’s security situation. All the operational security measures that the CISSP establishes decrease the possibility of a security incident occurring. Sadly, these events are still inevitable, no matter what precautions are taken. Because security incidents are inevitable, the CISSP addresses the need for regimented and fully organized methodologies to identify and respond to such security events.
Incident response and handling are mostly associated with how an organization reacts to any security incident. Reporting on such incidents can be stressful. In these high-alert situations, documentation tends to be overlooked while the focus is on resolving the issue. It is difficult to know whether an investigation will land in a court of law or not.
Methodology
Different organizations use different terms and phases associated with incident response processes. The NIST Computer Security Incident Handling Guide divides the incident response lifecycle into the following four steps:
- Preparation
- Detection and Analysis
- Containment, Eradication and Recovery
- Post-incident Activity
The CISSP divides these steps further. The following eight steps are subdivisions of NIST’s four steps:
- Preparation
- Detection
- Response
- Mitigation
- Reporting
- Recovery
- Remediation
- Lessons Learned
Preparation
Preparation can also be called the pre-incident phase. It involves the steps that are taken before an incident occurs. In other words, this is the time in which the team prepares for any incident. This can include training, defining policies and procedures, gathering tools and necessary software, procuring necessary hardware equipment, etc. This phase should include everything that can aid in faster resolution of an incident. An incident handling checklist is also prepared at this stage.
Detection
This is the primary and the most important step in the incident response
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by InfoSec Resources. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/8NK0yospzVM/