Incident Response Lifecycle to Deal with a Security Incident

June 12, 2019


Nowadays we deal with a lot of security incidents (a security incident is a violation of the security policy), and to handle them we must follow guidelines. Here we will discuss the incident response lifecycle that we (I am an incident handler) follow. This will give you an overview of what we do rather than going into too much detail; if you want more detail, you can also ask your friend Google.

The lifecycle consists of 7 steps for dealing with security incidents:

  1. Preparation: Here we prepare against all types of threats: we put various controls in place, apply the latest patches to applications and the OS, and use NGAV with the latest definitions. We do these things to prevent a security incident from occurring.
  2. Identification: This step involves identifying the security incident on the basis of various IoCs, IoAs and other symptoms. We can also use different types of logs, such as network and system logs.
  3. Containment: Once you have identified the threat, it is important to contain it in order to prevent it from spreading over the network or elsewhere. You can use EDR technologies to do that remotely; containment operations can also be performed on the system itself.
  4. Investigation: We must do root cause analysis and try to answer questions like how/when/where/why about the threat or attack, and capture all the details of the related incident.
  5. Eradication: Now it is time to eradicate the files or other threats that caused the incident to happen in the first place. You can uninstall infected programs and also use anti-malware tools to do the same.
  6. Recovery: Restore the machine with the latest backups of data and configuration settings.
  7. Follow-Up: Follow-ups must be done to find out the cost of the incident and the loss of productivity. We must also make sure that similar incidents do not happen in the future.
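As an added example (not the author's own code or process), the following Python walks a constructed incident through the seven steps above: `identify` matches constructed log lines against a constructed IoC list for the Identification step, and `Incident` refuses out-of-order phases and derives the timing metrics a Follow-Up would report. All names, log lines, indicators and timestamps are assumptions made up for the example.

```python
from datetime import datetime

PHASES = ["Preparation", "Identification", "Containment", "Investigation",
          "Eradication", "Recovery", "Follow-Up"]
# Constructed indicators of compromise for this example (not real infrastructure).
IOCS = {"ip": {"203.0.113.45"}, "domain": {"bad.example"}, "sha256": {"ab" * 32}}
# Constructed log lines in "timestamp source key=value ..." form.
LOGS = [
    "2019-06-12T09:00:01 fw dst=198.51.100.7 action=allow",
    "2019-06-12T09:02:15 fw dst=203.0.113.45 action=allow",
    "2019-06-12T09:02:40 dns query=bad.example src=10.0.0.8",
    "2019-06-12T09:05:00 edr host=ws-12 sha256=" + "ab" * 32,
]
FIELD_KIND = {"dst": "ip", "src": "ip", "query": "domain", "sha256": "sha256"}

def identify(log_lines, iocs):
    """Identification: return (timestamp, ioc_type, value) for every IoC hit."""
    hits = []
    for line in log_lines:
        ts, _, rest = line.partition(" ")
        for field in rest.split():
            key, _, value = field.partition("=")
            kind = FIELD_KIND.get(key)
            if kind and value in iocs.get(kind, ()):
                hits.append((ts, kind, value))
    return hits

class Incident:
    """Record phase transitions in lifecycle order and derive follow-up metrics."""
    def __init__(self):
        self.phases = {}  # phase -> (datetime, note), filled in lifecycle order
    def advance(self, phase, when, note=""):
        expected = PHASES[len(self.phases)]
        if phase != expected:  # e.g. eradicating before containing is rejected
            raise ValueError(f"expected {expected}, got {phase}")
        self.phases[phase] = (datetime.fromisoformat(when), note)
    def minutes_after_identification(self, phase):
        """Follow-Up metric: minutes from identification to the given phase."""
        delta = self.phases[phase][0] - self.phases["Identification"][0]
        return delta.total_seconds() / 60

def run_example():
    """Walk the constructed incident through all seven phases."""
    hits = identify(LOGS, IOCS)
    inc = Incident()
    inc.advance("Preparation", "2019-06-01T00:00:00", "patches and NGAV definitions current")
    inc.advance("Identification", hits[0][0], f"{len(hits)} IoC hits, first {hits[0][2]}")
    inc.advance("Containment", "2019-06-12T09:20:00", "host ws-12 isolated via EDR")
    inc.advance("Investigation", "2019-06-12T11:00:00", "root cause: phishing attachment")
    inc.advance("Eradication", "2019-06-12T12:00:00", "malware removed")
    inc.advance("Recovery", "2019-06-12T14:20:00", "restored from last good backup")
    inc.advance("Follow-Up", "2019-06-13T09:00:00", "cost and lessons learned recorded")
    return hits, {p: inc.minutes_after_identification(p) for p in ("Containment", "Recovery")}
```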

The steps above give you an overview of how the incident response lifecycle can be performed. Every organization may have different steps, but these are recommended by NIST and come under cyber security best practices.

Kindly share your views and let us know if you do things in a different manner. Till then, stay safe!!!
