In the next few posts, I am going to delve deep into incident response and its various aspects.
Incident Response Procedures:
Procedures and guidelines covering appropriate priorities, actions, and responsibilities in the event of a security incident, divided into preparation, detection/analysis, containment, eradication/recovery, and post-incident stages. These procedures should be documented.
● Preparation
--Make the system resilient to attack by hardening systems, writing policies and procedures, and setting up confidential lines of communication.
--Preparing for incident response involves documenting your procedures, putting resources and procedures in place, and conducting training.
--A standard operating procedure tells junior analysts and incident handlers exactly what they should do in response to different scenarios.
● Detection and Analysis
--Determine whether an incident has taken place, triage it, and notify the relevant stakeholders.
● Containment
--Limit the scope and magnitude of the incident by securing data and limiting the impact on business operations and your customers.
● Eradication and Recovery
--Remove the cause of the incident and bring the system back to a secure state.
● Post-incident Activity
--Analyze the incident and the response to identify whether procedures or systems could be improved.
We will learn about every phase in more detail in the next posts. Thank you.
Akash Patel