Incident Response Plan

Content
● Incident Response Plan
● Detection
● Prevention
● Response

Incident Response Plan:
Incident response planning is the documented and coordinated method of
addressing and managing a security breach or attack.
This incident response plan outlines the response personnel and the
strategies that will be used to mitigate the incident.
Incident response enables an organization to be prepared for known as well as
unknown incidents.

Incident Response Plan:
The plan is organized around three areas:
1. Detection
2. Prevention
3. Response
Steps for IRP:
The key phases of an incident response plan:
1. Preparation: Preparing users and IT staff to handle potential
incidents.
2. Identification: Determining that an incident has occurred and what it
involves.
3. Isolation: Limiting the damage of the incident and isolating affected
systems to prevent further damage.
4. Elimination: Finding the root cause of the incident and removing
affected systems from the production environment.
5. Recovery: Permitting affected systems back into the production
environment, ensuring no threat remains.
6. Analysis & Documentation: Completing incident documentation and
performing analysis to learn from the incident and potentially
improve future response efforts.
SIEM:
Security information and event management (SIEM) is an approach to security
management.
SIEM provides an integrated view of an organization's information technology
(IT) security.
It is used in large enterprises or organizations.
SIEM is an industry-standard term composed of two terms:
1. SEM (Security Event Management)
2. SIM (Security Information Management)

SIEM is a two-part process:
SEM is based on real-time monitoring of security events. It monitors the
enterprise's edge devices and saves the events to a database at a location
that supports review from a single viewpoint.
SIM manages that database, which is reviewed and analyzed by automated
and human interpreters.
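As an added illustration of the SEM/SIM split described above (example code, not from the original post): constructed auth log lines from two edge devices are normalized into one store (the SIM side, the single viewpoint), and a real-time style rule (the SEM side) counts failed logins per source across all devices. The device names, log format, field names and threshold are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed auth lines from two edge devices (fw01, vpn01); not real data.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01 fw01 auth: user=alice src=10.0.0.5 result=FAIL",
    "2024-03-01T10:00:09 fw01 auth: user=alice src=10.0.0.5 result=OK",
    "2024-03-01T10:01:00 fw01 auth: user=root src=203.0.113.7 result=FAIL",
    "2024-03-01T10:01:05 vpn01 auth: user=admin src=203.0.113.7 result=FAIL",
    "2024-03-01T10:01:11 fw01 auth: user=root src=203.0.113.7 result=FAIL",
    "2024-03-01T10:01:20 vpn01 auth: user=bob src=203.0.113.7 result=FAIL",
    "2024-03-01T10:01:33 fw01 auth: user=admin src=203.0.113.7 result=FAIL",
    "2024-03-01T10:02:00 fw01 kernel: link up",  # not an auth event; dropped
]
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) auth: user=(?P<user>\S+) "
                     r"src=(?P<src>\S+) result=(?P<result>\S+)$")

def normalize(line):
    """SIM side: parse one raw line into a common record, or None if it does not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def build_store(lines):
    """SIM side: the central store that gives a single viewpoint over all devices."""
    return [ev for ev in map(normalize, lines) if ev]

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """SEM side: flag a source with >= threshold failed logins inside the window,
    counted across every device rather than per device."""
    recent, alerts = defaultdict(deque), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "FAIL":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"src": ev["src"], "at": ev["ts"], "failures": len(q)})
            q.clear()                     # one alert per burst
    return alerts

def run(lines=SAMPLE_LOGS):
    return detect_bruteforce(build_store(lines))
```

Run against only the fw01 lines the same source stays under the threshold, which is the point of collecting every device into one store before the rule runs.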
Steps to Cybersecurity
Implement an effective governance structure, maintain board engagement and
produce appropriate information security policies, which should include:
● User education and awareness training
● Monitoring policies and procedures for all networks and systems
● Incident management procedures, including response and disaster recovery
● Network security policies and procedures
● Management and control of user privileges
● Secure configuration guidance
● Malware protection procedures
● Control of removable media usage
● Monitoring of mobile and home working procedures
