eLearnSecurity Blog

HomeBlog postsThe 4 Steps Of Incident Handling & Response

The 4 Steps Of Incident Handling & Response

December 6, 2018 | by | Blog posts 0 Comments

An estimated 3.6 billion records were breached in the first 9 months of 2018 alone. While these numbers show some improvement, cyber incidents will inevitably continue to happen. For that, security professionals need to know the Incident Handling and Response processes.

According to NIST’s Computer Security Incident Handling Guide, the Incident Response (IR) life cycle is made of 4 phases, as shown below.

1. Preparation

In this initial phase, organizations plan to handle incidents and attempt to limit the number of potential incidents by selecting and implementing a set of controls based on the results of risk assessments. This step involves outlining everyone’s responsibility, hardware, tools, documentation, etc. and taking steps to reduce the possibility of an incident happening.

2. Detection & Analysis

In this phase, the IR team analyzes all the symptoms reported and confirms whether or not the situation would be classified as an incident.

3. Containment, Eradication, and Recovery
In this phase, The IR team now gathers intel and create signatures that will help them identify each compromised system. With this information, the organization can mitigate the impact of incidents by containing them and countermeasures can be put in place to neutralize the attacker and restore systems/data back to normal.
4. Post-incident Activities

This is more of a ‘lesson learned’ phase. Its goal is to improve the overall security posture of the organization and to ensure that similar incidents won’t happen in the future.

When incidents happen, we tend to panic and wonder “what now?”. It’s important to remain calm and follow best practices and company procedures. For this reason, NIST has published its Computer Security Incident Handling Guide to lead you through the preparation, detection, handling, and recovery steps of Incident Handling & Response.

Interested in learning how to professionally analyze, handle, and respond to security incidents on heterogeneous networks and assets? Check out the Incident Handling & Response Professional (IHRP) training course and register for the launch webinar on March 26.
.SAVE YOUR SEAT.    .LEARN MORE.

Connect with us on Social Media

Twitter Facebook LinkedIn Instagram

Tags: , , , , ,

Author:

Patience, persistence, and perspiration make an unbeatable combination for success. 😉

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go to top of page