IT Security – Incident Response

Published: 04th June 2017

Incident response is, quite simply, an organised and procedural approach to reacting to and managing the aftermath of a cyber-attack or data breach of a security system. By the time it begins, the organisation has already been the victim of an attack and has likely suffered data loss or damaged or corrupt technical equipment such as servers, applications and associated devices, so the priority for incident response is to manage the situation in such a way as to limit further damage and to reduce recovery and maintenance time and costs.

Cyber-attacks can be incredibly costly for companies, with an average direct financial loss of $3.5 million to the affected company in terms of data loss, loss of customers, damage to reputation and fines imposed by legal and regulatory institutions. This is why proper IT security management and incident response are so crucial to companies, especially those which rely heavily on IT systems.

Incident response teams are normally made up of technicians drawn from within the company, or the help of independent security consultancy services may be sought. Either way, an organisation’s incident response team usually works in conjunction with representatives from the human resources, legal and public relations departments in order to establish the level of damage caused, the source of the security breach and how it can most efficiently be rectified.

To carry this out, response teams employ the SANS Institute’s six-step procedure. The first step is Preparation, in which they attempt to educate users and staff as to the importance of updated security measures and how to employ them correctly. The next is Identification, in which the team must establish whether an event is in fact a security incident; this is done with the help of automated technologies which track internet security activity and computer activity. They then move to the Containment phase and disconnect all affected systems to prevent the incident from spreading further. Eradication then takes place, as the team investigates the origin of the incident and removes all traces of malicious code, after which the Recovery phase aims to restore the data and software existing on the system. Lastly, the team considers Lessons Learned and analyses how the incident was handled, making recommendations as to how the response could be improved for future incidents.

This may seem like a long-winded approach to managing a security breach; however, when we consider the potential monetary loss such a breach could result in, investment in either an in-house or freelance response team seems like a good investment.
