The 4 Steps Of Incident Handling & Response
An estimated 3.6 billion records were breached in the first 9 months of 2018 alone. While these numbers show some improvement, cyber incidents will inevitably continue to happen. For that reason, security professionals need to know the Incident Handling and Response process.
According to NIST’s Computer Security Incident Handling Guide, the Incident Response (IR) life cycle consists of 4 phases, as shown below.
1. Preparation
In this initial phase, organizations plan how they will handle incidents and attempt to limit the number of potential incidents by selecting and implementing a set of controls based on the results of risk assessments. This step involves outlining everyone’s responsibilities, the hardware, tools, documentation, etc. that will be needed, and taking steps to reduce the likelihood of an incident occurring.
2. Detection & Analysis
In this phase, the IR team analyzes all the symptoms reported and confirms whether or not the situation would be classified as an incident.
3. Containment, Eradication, and Recovery
4. Post-incident Activities
This is more of a ‘lessons learned’ phase. Its goal is to improve the overall security posture of the organization and to ensure that similar incidents won’t happen in the future.
When incidents happen, we tend to panic and wonder “what now?”. It’s important to remain calm and follow best practices and company procedures. For this reason, NIST has published its Computer Security Incident Handling Guide to lead you through the preparation, detection, handling, and recovery steps of Incident Handling & Response.
Interested in learning how to professionally analyze, handle, and respond to security incidents on heterogeneous networks and assets? Check out our new Incident Handling & Response Professional – IHRP – training course.