Even the smallest degree of prevention is usually considered much better than the best efforts at a cure. This reality sinks in most clearly when something goes wrong with your computer or IT security. Incident response plans and procedures are your course of action when things go wrong with your systems. When you know that incident response is the best course of action, you are in essence embracing the most suitable framework. ISO and NIST control standards provide guidelines for using an incident response policy, so you will have the requirements that determine responsibilities for the plan's operation.

Incident response management frames a set of activities that usually begin with identifying an incident, continue with containing and investigating it, and end with moving on after recovery from the incident. A majority of these activities are supposed to depend on plans and procedures that have already been predetermined.

There are plenty of complicated matters related to security incident response that require your utmost consideration, such as reporting and escalation and the preservation of evidence. Forensics and investigations need adequate attention, as do measures put in place to prevent recurrence. Before operations resume, your response plan will also factor in the reconstruction of damaged systems.

Incident response plans require skill. It might not be easy to find skilled practitioners, nor to keep their skills constantly at an acceptable level of competence. Extensive training is so important that it should not be negotiable. To avoid problems with getting appropriate skills, you can establish a relationship with service providers who are on call.

Many firms do not record regular occurrences of significant incidents. The rare incidents, however, should be warning enough of the need to have discipline in the system through incident response management measures. Those tasked with roles in security incident response should be well versed in their responsibilities and should always examine the plans, both to be sure they are familiar with them and to be sure that the security plan is fit for the purpose for which it was put in place.

You can decide to have procedures in place for particular types of incidents, since response activities differ according to the specific incident being experienced. Studying attack methodologies, the threats that initiate attacks, their targets and the vulnerabilities they exploit is a good way of maintaining familiarity in incident response management.

It should be noted that incident response plans also come with governance matters, which are significant. There is a need for preparedness to deal with important issues that are driven by events. Incidents are usually broad events with unpredictable twists and turns that require a flexible response, which puts stress on procedures and plans. Event dynamics might be the reason for going off the plan, and this will mostly not be the result of shortcomings in the security incident report system. It is important to update plans when there is an event.

Ted Julian is the author of this article on IT security breach.