The Importance Of Incident Response

1030 Words5 Pages
Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack. Its purpose is to prevent any further damage and to reduce recovery time and cost. Incidents that are not dealt with are likely to escalate into bigger problems that could lead to damaging data breaches or a system collapse. Responding quickly is extremely important. IR must be quick in order to minimize losses, mitigate exploited vulnerabilities, restore services and processes, and reduce the risks that future incidents occur. In order to make all of this happen, incident response teams should follow the Incident Response Plan. This consists of 6 parts: 1. Preparation 2. Identification 3. Containment 4. Eradication 5. Recovery…show more content…
Events happen very often – unauthorized devices connecting to the network, staff losing personal devices, phishing emails being sent out. Not every event is an incident. Every incident, however, stems from an event. Events are handled under incident response models. Every company is free to implement their own incident response model how they see fit, however, there are a few incident response models that have been widely adopted. The two most notable are called SANS and Lockheed. SANS is a general certification board that issues certifications to information security professionals. SANS also has general guidelines on handling a myriad of security-related matters, including incident response. Lockheed, or Lockheed Martin, is a specific example of a company that sells information response assistance that follows the SANS model. Lockheed Martin has seen such great success because as the digital age progresses, everyone needs information security and an incident response…show more content…
This is the case for a variety of reasons, but the main being that the shareholders of the university want and need to know that there is an action plan for cyber attacks. One of the most in-depth IR plans that I came across was from Virginia Tech. Virginia Tech has a 41-page Guide for Cyber Security Incident Response where they clearly state their purpose, scope, mission, strategy and the incident response processes. One important aspect that they choose to include at the beginning of the document was a ‘Record of Changes’. They have stated at the bottom of this page that the “cyber incident response plan should be reviewed on an annual basis” (2016). The implementation of this page shows that Virginia Tech is re-evaluating their cyber security needs every year. One cybersecurity plan may not tackle all the issues; this is why it is important to continually update an incident response plan to reflect current flaws that could lead to an

More about The Importance Of Incident Response

Open Document