Phases of Incident Response Plan in Cybersecurity

An Incident response plan contains a series of phases that address a suspected data breach. Each phase contains some set of instructions that should be followed while implementing an incident response plan.

Phases of Incident Response Plan 

Phases of Incidence Response Plan

1. Preparation 

This is the first phase of the incident response plan. In this phase, we ensure that the employees are properly trained and ready to deal with any security incident. We assign incidence response roles and responsibilities to each employee according to his skill. Also, in this phase, we conduct mock security, incidents in order to evaluate the capabilities of employees.

2. Identification

In this phase, we identify the security incident on an organization's computer system. We also check how many systems are affected and their severity level. We also try to find out the source of that attack and analyze its degree of input on our computer systems and network.

3. Containment

In this phase, we ensure that the breach does not spread and cause further damage to the organization. This is ensured by isolating the affected computer system from the network and securing the other systems on the network. We also create a backup of the file so that the data does not get lost forever.

4. Eradication

Once the security incident is identified and the affected system is isolated, we eradicate the malware or code injected into it. We take help from the antivirus which detects and remove the malware from the system. We also apply patches in the security and update the systems.

5. Recovery

This is the process of restoring and returning affected systems and devices back into the business environment. During this time, it's important to get the systems and business operations up and running again without fear of another breach.

6. Lesson learned 

This is the last phase of the Incident response plan in which we hold meeting with all incident response teams and discuss the findings and lessons learned from the security breach. Here, we also analyze and document everything about the breach.

Popular Posts

Conducting Polymers: Definition, Examples, Properties and Applications

Image
What are Conducting Polymers? As the name suggests organic polymers that conduct electricity are known as conducting polymers. They are also known as intrinsically conducting polymers (ICPs) and they have alternating single and double bonds along the polymer backbone (conjugated bonds) or that are composed of aromatic rings such as Phenylene, naphthalene, anthracene, pyrrole, and thiophene which are connected through carbon-carbon single bonds. Examples: Polyacetylene, Polypyrrole, Polyaniline, etc What is the reason behind conducting nature of these polymers? Conducting polymers comes in two forms that are doped conducting polymers and non-doped conducting polymers. The conductivity of non-doped conjugated polymers is due to the existence of a conductivity band similar to a metal. In a conjugated polymer, three of the four valence electrons form strong sigma bonds through sp² hybridization where electrons are strongly localized. The remaining unpaired electron of each carbon atom re
Read more

Crime Scene: Definition, Types and Characteristics

Image
What is a Crime Scene ? A place where the crime is committed or where the maximum physical evidence related to crime is found is known as a crime scene. A crime scene is a starting point of the investigation which provides information about the suspect and the victim. This helps to reconstruct the crime and fast resolution of the case. It is noted that the crime scene is not limited to a single place but may extend to a wider area depending upon the nature of the crime committed. For example, In a murder case where murder is done at one place and the body is disposed on another place. In this case, we have two crime scenes that give information about the crime. Types of Crime Scene Based on evidence found on the crime scene: 1. Primary Crime Scene The crime scene where the actual crime occurred or where more usable pieces of evidence were found is known as the primary crime scene. For example, A murder scene, theft, assault, etc. 2. Secondary Crime Scene The crime scene which is some
Read more

Documentation of the Crime Scene: Step by Step

Image
What is documentation of the crime scene and Why it is done? After securing the crime scene, the next most important step is documentation of the crime scene because documentation permanently records the crime scene and its physical evidence. Documentation should be done without any wastage of time as the scene and its evidence may get altered over time. The documentation should be done innovatively and the originality of the crime scene should be maintained and documentation should not have pauses or breaks, it should remain constant till the whole crime scene is documented. There are four main tasks of documentation that is note-making, photography, videography , and sketching . It should be noted that all four tasks are necessary and none is a substitute for another. For example, notes are not substitutes for photography, video is not a substitute for sketching, etc. Following are the sequence for crime scene documentation: 1. Note making Documentation of crime scene in the f
Read more