Incident Response

Incident response management involves handling unplanned interruptions in IT services, with a focus on quickly restoring normal operations while minimizing adverse impacts. It includes a structured process for identifying, containing, and remediating cyber incidents, involving various stakeholders and technical tasks. The primary goal is to effectively remove threats and restore operations, while continuously improving response policies based on lessons learned from incidents.

Uploaded by

Worldofdevaa

Incident response management

Ms. Aashika N
Kristu Jayanti College
Introduction

An incident is an unplanned interruption that causes, or may cause, a reduction in the quality of an IT service. Some classic examples are the internet running too slow, a business application going down, or a printer not working.

Incident management is a way to restore normal service operations as quickly as possible, minimizing any adverse impact on business operations or the user.
Incident response management

Incident response (IR) is the process by which an organization handles a data breach or cyberattack. It is an effort to quickly identify an attack, minimize its effects, contain damage, and remediate the cause to reduce the risk of future incidents.

Incident response is a subset of incident management. Incident management is an umbrella term for an enterprise's broad handling of cyberattacks, involving diverse stakeholders from the executive, legal, HR, communications and IT teams. Incident response is the part of incident management that handles technical cybersecurity tasks and considerations.
Step-by-Step process to safeguard digital assets

Planning
● Develop incident response policies and procedures.
● Identify roles and responsibilities.
● Establish communication channels.

Securing the Scene
● Isolate affected systems.
● Implement containment measures.
● Preserve volatile data.

Assess
● Conduct a risk assessment.
● Identify affected assets.
● Prioritize response actions.

Documentation
● Create an incident log.
● Record actions taken.
● Document system configurations.
Step-by-Step process to safeguard digital assets

Seizure
● Obtain legal authorization for evidence collection.
● Use forensically sound techniques for data seizure.
● Preserve the chain of custody.

Analyze
● Malware analysis.
● Network traffic analysis.
● Behavioral analysis of systems.

Report
● Prepare incident reports.
● Share findings with the incident response team.
● Collaborate with management for
GOALS OF INCIDENT RESPONSE?
The primary goal of incident response is to effectively remove a threat from the organization's computing environment, while minimizing damages and restoring normal operations as quickly as possible.

❏ Investigate
• Determine the initial attack vector
• Determine malware and tools used
• Determine what systems were affected, and how
• Determine what the attacker accomplished (damage assessment)
• Determine if the incident is ongoing
• Establish the time frame of the incident

❏ Remediate
• Using the information obtained from the investigation, develop and implement a remediation plan
WHO IS INVOLVED IN THE IR PROCESS?

Incident Response Team

An Incident Response team is a group of people who are forensics experts and are always prepared to respond to any emergency incident: an interruption of business operations due to any cyber-crime.

Objective of Incident Response team:

● Confirm that an incident has occurred and the systems were compromised
● Maintain or restore business continuity
● Lessen the incident impact
● Try to find out how the attack was done
● Take preventive steps for future incidents
● Improve security and incident response approach
Steps of the incident response and handling process

1. Identification: Recognize and confirm the occurrence of a security incident.
2. Incident Recording: Document the details of the incident for future analysis and reporting.
3. Initial Response: Execute immediate actions to contain and mitigate the impact of the incident.
4. Communicating the Incident: Establish clear communication channels for effective coordination.
5. Containment: Prevent further damage and limit the scope of the incident.
6. Formulating a Response Strategy: Develop a comprehensive strategy to address the incident.
Steps of the incident response and handling process

01. Incident Classification: Categorize the incident based on severity and nature.
02. Incident Investigation: Conduct a thorough investigation to understand the root cause and methods used by the attacker.
03. Data Collection: Gather relevant data and evidence for analysis.
04. Forensic Analysis: Analyze collected data to identify the attacker's tactics, techniques, and procedures.
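The Documentation and Seizure steps above ("create an incident log", "record actions taken", "preserve the chain of custody") and the Incident Recording, Classification and Data Collection steps here all come down to keeping a record that can later be shown to be complete and unaltered. The following is an added example, not code from the slides: a hash-chained incident log in which each entry commits to the hash of the previous one, plus a fingerprint for seized evidence and a severity classifier. The severity thresholds are a constructed, illustrative policy, not one the slides define.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first entry in a chain

def classify(affected_assets, data_exposed, ongoing):
    """Severity label from recorded facts (constructed policy, not the slides')."""
    if data_exposed and ongoing:
        return "critical"
    if data_exposed or affected_assets >= 10:
        return "high"
    if ongoing or affected_assets > 1:
        return "medium"
    return "low"

def evidence_hash(data):
    """Fingerprint seized data so its integrity can be re-checked later."""
    return hashlib.sha256(data).hexdigest()

def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class IncidentLog:
    """Append-only log: every entry commits to the hash of the one before it."""
    def __init__(self, incident_id):
        self.incident_id = incident_id
        self.entries = []

    def record(self, actor, action, detail=None, when=None):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {"incident_id": self.incident_id, "seq": len(self.entries) + 1,
                 "time": (when or datetime.now(timezone.utc)).isoformat(),
                 "actor": actor, "action": action, "detail": detail or {},
                 "prev_hash": prev}
        entry["entry_hash"] = _digest(entry)
        self.entries.append(entry)
        return entry["entry_hash"]

    def verify(self):
        """False if any entry was altered, reordered or removed after the fact."""
        prev = GENESIS
        for i, e in enumerate(self.entries, start=1):
            if e["seq"] != i or e["prev_hash"] != prev or _digest(e) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True
```

Exporting the latest `entry_hash` to a separate system (ticket, e-mail, signed timestamp) at each hand-off is what turns this into usable chain-of-custody evidence; the chain alone only proves internal consistency.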
Notify external agencies

● Regulatory Authorities
● Cybersecurity Organizations
● Data Protection Authorities
● Insurance Providers
Review and Update of Response Policies:

● After addressing an incident, it's essential to review the incident response policies and procedures to identify any shortcomings or areas for improvement.

● This step involves evaluating the effectiveness of existing response protocols, documenting lessons learned from the incident, and updating response plans accordingly.

● The goal is to enhance the organization's ability to detect, respond to, and recover from future incidents more effectively, minimizing the risk of similar incidents occurring in the future.
Computer Incident Response Team (CIRT)

Group of individuals, usually consisting of Security Analysts, organized to develop, recommend, and coordinate immediate mitigation actions for containment, eradication, and recovery resulting from computer security incidents.