Incident response is the practice of detecting and responding to cyber incidents, whether the incident is a cyber attack or an accidental information leak caused by an employee. Organizations should have an incident response plan that specifies the actions that need to be taken for different scenarios. It covers things like who needs to be notified and involved, which systems need to be restored first, and what regulatory requirements apply. The steps are preparation, identification, containment, eradication, recovery, and lessons learned.
While the steps sound simple, the process is much more complicated than it sounds: numerous team members are involved, each with their own roles and responsibilities; different security solutions work better in different scenarios; and different reporting procedures apply, including those for law enforcement when it gets involved.
Common incident response technologies include security information and event management (SIEM), which aggregates and correlates security event data; security orchestration, automation and response (SOAR) tools, which run the playbooks; extended detection and response (XDR) and endpoint detection and response (EDR); user and entity behavior analytics (UEBA) platforms; and attack surface management.