[Course] Police To Cyber Expert – Part 6 : Security Incident Response


Incident Response:

Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident, or security incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

Responding to an incident quickly helps an organization minimize losses, mitigate the exploited vulnerabilities, restore services and processes, and reduce the risk posed by future incidents. (Definition source)

According to the SANS Institute, there are six key phases of an incident response plan:

Preparation: Preparing users and IT staff to handle potential incidents should one arise.

Identification: Determining whether an event is, indeed, a security incident.

Containment: Limiting the damage of the incident and isolating affected systems to prevent further damage.

Eradication: Finding the root cause of the incident and removing affected systems from the production environment.

Recovery: Permitting affected systems back into the production environment, ensuring no threat remains.

Lessons learned: Completing incident documentation and performing analysis to learn from the incident and potentially improve future response efforts.


Incident Response Use Cases

Identify & Update Compromised Host: Run Malware Scan, Update Firewall Rules, Disconnect System from Internet, Disable Compromised User Accounts.

All User Monitoring: Find out real user accounts and newly created user accounts, Disable compromised user accounts, Reset passwords of all users.

Investigate and Mitigate Data Exfiltration: Block Data Transfer, Disable Compromised Hosts and User Accounts.

Handle Services: Find out stopped services and system processes, Recover them, Restart them.

Act against . . .: Act against Affected Host, Network Traffic,

Table source: www.resolvesystems.com

  • Some further incident response use cases: call in experts, figure out what is going on and how it happened, and investigate (where possible) the processes, methods, devices and tools used during the attack.
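A worked example of the "All User Monitoring" use case above, added here and not part of the original post: it compares a baseline /etc/passwd snapshot (taken during Preparation) with the current one (taken during Identification) to list newly created accounts, flags any that duplicate UID 0, and builds, without running, the lock-and-reset commands an analyst would review during Containment. Both snapshots are constructed samples, and a Linux host with usermod and passwd is assumed.

```python
"""Added example: 'All User Monitoring' use case (detect newly created
accounts and prepare containment). Snapshots below are constructed."""

# Baseline /etc/passwd captured during Preparation (constructed sample).
BASELINE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Current /etc/passwd captured during Identification (constructed sample):
# 'svc_backup' is a second UID-0 account, 'bob' a new interactive login.
CURRENT_PASSWD = BASELINE_PASSWD + """\
svc_backup:x:0:0::/root:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""

def parse_passwd(text):
    """Return {username: (uid, shell)}; skips blank or malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue
        users[fields[0]] = (int(fields[2]), fields[6])
    return users

def find_new_accounts(baseline_text, current_text):
    """Accounts present now but absent from the baseline, flagging UID 0."""
    base = parse_passwd(baseline_text)
    return [
        {"user": name, "uid": uid, "shell": shell, "uid0": uid == 0}
        for name, (uid, shell) in parse_passwd(current_text).items()
        if name not in base
    ]

def containment_plan(findings):
    """Commands an analyst reviews before running: lock the account and
    expire its password so a reset is forced at next login."""
    plan = []
    for f in findings:
        plan.append(f"usermod -L {f['user']}")
        plan.append(f"passwd -e {f['user']}")
    return plan

if __name__ == "__main__":
    new = find_new_accounts(BASELINE_PASSWD, CURRENT_PASSWD)
    for f in new:
        print("NEW ACCOUNT", f, "<-- second root!" if f["uid0"] else "")
    print("\n".join(containment_plan(new)))
```

On a live host the snapshots would come from a trusted copy of /etc/passwd and the current file; the plan is printed rather than executed so the analyst decides which accounts to lock.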

Hackers House Nepal

Video Tutorial of this Part will be available in http://youtube.com/studentvideotutorial

Featured image via Pixabay.Com
