January 23, 2012

2.2.3 Incident Management

Incident management—the steps followed when events occur.

A clearly defined incident response policy can help contain a problem and provide quick recovery to normal operations.

When a security incident occurs, a procedure should already be in place to deal with it as it happens.

The policy should cover each type of security compromise scenario and list the procedures to follow when it happens.

The incident response policy should cover the following areas:

  • Contact information for emergency services and other outside resources.
  • Methods of securing and preserving evidence of a security breach.
  • Scenario-based procedures of what to do with computer and network equipment depending on the security problem.
  • How to document the problem and the evidence properly.

The components of an incident-response plan should include preparation, roles, rules, and procedures. Incident-response procedures should define how to maintain business continuity while defending against further attacks.

  • http://www.informit.com/articles/article.aspx?p=1809117&seqNum=3
  • CompTIA Security+ Review Guide: Exam SY0-301, Second Edition by James M. Stewart
