Posted filed under CompTIA Security+.

Incident response  [bs_icon name=”glyphicon glyphicon-chevron-right”]   Concept and procedures



In the preparation part of the response creation for an incident, the entire process is to be categorized in few steps. The steps are necessary since without the steps being followed, the actual response to the accurate incident could not be given. So, firstly one should know about the steps of providing Incident responses.


Incident identification

the first thing one should, or rather must do is making the occurrence of the incidence to the team leader and doing thus, making the team leader aware of the incident and so the incidence becomes escalated. If the incidence is about data theft, then the police is required to be informed but that would be a part of the responsibility of the Team leader.



Escalation and notification

Once the incident is properly escalated to the seniors, it is also the duty of him or her to let the local Police know about the incidence of the data leakage or data theft. While reporting the police, the two things that should be mentioned to them are, the time of occurrence as is informed by the first viewer of the incident and the importance of the data that has been leaked or stolen. The rest would be done by the Police alone, where they may seal the server or put a special sensor on it to inspect every changes happening on them.


the IMitigation steps

Once ncident has been correctly identified and reported to the right and proper authority, then starts the mitigation step. Mitigation essentially means the process to lessen the effect of anything. In this case, it is understandable that, mitigation means to minimise the effect of the incident on the other things or settings in the server or network. For that the loops are to be checked or the network gates are to be locked to prevent intrusion into the system by external agents. This will surely prevent the extra data loss and may even make it easier for the cyber crime department of Police to easily track the lost data or the leaked data.


Lessons learned

Once the entire system is restored in its earlier configuration, then it is essential to turn down to the every single step and procedures applied for the entire response process, and keep a record of that. This record acts as a lesson for one, may be that is the Team leader or a general staff.



Thus reporting is not something that makes a bad impression of the company but it adds to the goodwill of the company


Recovery/reconstitution procedures

Once the data is recovered, it is time to restore the entire system. During the restoration process, proper back up of the system should be followed with inclusion of proper log and loops.


Source by wikipedia





 To Become Cretified For CompTIA Security+ Please Visit This Link ;

Comments are closed.