incident response
SearchSecurity.com Definitions (Powered by WhatIs.com)

DEFINITION - Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. An incident response plan includes a policy that defines, in specific terms, what constitutes an incident and provides a step-by-step process that should be followed when an incident occurs.

An organization's incident response is conducted by the computer incident response team, a carefully selected group that, in addition to security and general IT staff, may include representatives from legal, human resources, and public relations departments.

According to the SANS Institute, there are six steps to handling an incident most effectively:

  1. Preparation: The organization educates users and IT staff about the importance of updated security measures and trains them to respond to computer and network security incidents quickly and correctly.
  2. Identification: The response team is activated to decide whether a particular event is, in fact, a security incident. The team may contact the CERT Coordination Center, which tracks Internet security activity and has the most current information on viruses and worms.
  3. Containment: The team determines how far the problem has spread and contains the problem by disconnecting all affected systems and devices to prevent further damage.
  4. Eradication: The team investigates to discover the origin of the incident. The root cause of the problem and all traces of malicious code are removed.
  5. Recovery: Data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for any sign of weakness or recurrence.
  6. Lessons learned: The team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence.


LAST UPDATED: 09 Sep 2005

All Rights Reserved, Copyright 2003 - 2009, TechTarget