Incident Response Management

Incident response management in cybersecurity involves identifying, managing, recording, and analyzing security threats to mitigate risks and prevent data breaches. The ISO/IEC Standard 27035 outlines a five-step process for effective incident management, emphasizing the importance of having a robust incident response plan. Additionally, organizations should establish a dedicated Incident Response Team, implement regular training, and maintain clear communication channels to enhance their incident management capabilities.

Uploaded by

vijeta malik

Incident Response Management

• In the field of cybersecurity, incident management can be defined as the process of identifying, managing, recording and analyzing the security threats and incidents related to cybersecurity in the real world.
• This is a very important step both before and after a cyber disaster takes place in an IT infrastructure.
• This process requires knowledge and experience.
• Good incident management can reduce the adverse effects of cyber destruction and can prevent a cyber-attack from taking place.
• It can prevent a large number of data leaks.
• An organization without a good incident response plan can become the victim of a cyber-attack in which the organization's data is compromised at large.

Five-step process (by the ISO/IEC Standard 27035)

Step 1: Prepare for handling incidents. The process of incident management starts with an alert that reports an incident that took place, followed by the engagement of the incident response team (IRT).
Step 2: Identify potential security incidents by monitoring, and report all incidents.
Step 3: Assess the identified incidents to determine the appropriate next steps for mitigating the risk.
Step 4: Respond to the incident by containing, investigating and resolving it (based on the outcome of step 3).
Step 5: Learn and document key takeaways from every incident.
• A strong incident management process is very important in order to reduce recovery costs and potential liabilities and, most importantly, to reduce the damage to the victim (at both the personal and the organizational level).
• On 10 March 2004, the European Network and Information Security Agency (ENISA) was established. Its purpose is to ensure a high and effective level of network and information security within the community and to develop a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organizations within the European Union, thus contributing to the smooth functioning of the internal market.

Computer Emergency Response Teams (CERTs, also known as CSIRTs)

CERTs are the key tool for critical information infrastructure protection (CIIP). Every single country that is connected to the internet must have the capability to respond effectively and efficiently to information security incidents. CERTs are able to do much more: they are in a position to act as important providers of security services to governments and citizens. At the same time, they have the opportunity to raise awareness of security issues and act as educators.

Terminology CSIRT/CERT
• The term CERT (computer emergency response team) was first used in 1989 by what is now the CERT Coordination Center. Its host organisation, Carnegie Mellon University, registered 'CERT' as a trademark and service mark in the USA.
• To avoid any trademark issues, the term CSIRT (computer security incident response team) was introduced a few years later by Kossakowski, Stikvoort and West-Brown in their CSIRT Handbook.
• CSIRT and CERT express the same concept, as do CSIHC (computer security incident handling capability) and IRT (incident response team).
• Computer Emergency Response Teams (CERTs, also known as CSIRTs) are the key tool for critical information infrastructure protection (CIIP).

CERT-In
• CERT-In (the Indian Computer Emergency Response Team) is a government-mandated information technology (IT) security organization.
• The purpose of CERT-In is to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country.
• CERT-In was created by the Indian Department of Information Technology in 2004 and operates under the auspices of that department.
• According to the provisions of the Information Technology Amendment Act 2008, CERT-In is responsible for overseeing the administration of the Act.
• CERT organizations throughout the world are independent entities, although there may be coordinated activities among groups.

INCIDENT HANDLING:
Incident handling has four major components (derived from CERT concepts), given here in chronological order:
• First, an incident is reported or otherwise detected (detection).
• Then the incident is assessed, categorized, prioritized and queued for action (triage).
• Next comes research on the incident: what has happened, who is affected, and so on (analysis).
• Finally, actions are taken to do all that is necessary to resolve the incident (incident response).

Tips for security IRM

• Each and every organization needs a good, mature plan for the security incident management process; implementing the best process is very useful for building a comprehensive security incident management plan.
• Create a security incident management plan with supporting policies, including proper guidance on how incidents are detected, reported, assessed and responded to.
• Have a checklist ready. The checklist contains the actions to take, based on the threat.
• The security incident management plan has to be continuously updated with security incident management procedures as necessary, particularly with lessons learned from prior incidents.
• Create an Incident Response Team (IRT) that works with clearly defined roles and responsibilities. The IRT will also include functional roles such as finance, legal, communication and operations.
• Always run regular training and mock drills for security incident management procedures. This improves the functioning of the IRT and also keeps them on their toes.
• Always perform a post-incident analysis after any security incident to learn from every success and failure, and make the necessary adjustments to the program and the incident management processes when needed.
• Establish clear communication channels: it is important to establish clear communication channels within the Incident Response Team and with other stakeholders such as senior management, legal teams and external agencies. This ensures that everyone is on the same page and can respond effectively during a security incident.
• Implement a centralized incident tracking system: a centralized incident tracking system allows you to track the progress of incident response activities, monitor incidents in real time and share information across the team.
• Develop incident response playbooks: incident response playbooks are step-by-step guides that provide instructions on how to respond to specific types of security incidents. These playbooks help ensure a consistent and effective response and can be customized to the organization's needs.
• Conduct regular vulnerability assessments: regular vulnerability assessments help identify potential security weaknesses before they are exploited by attackers. This can prevent security incidents before they occur.
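As an added worked example (written for this page; not part of the original notes and not ISO/IEC 27035, ENISA or CERT-In material), the following Python sketch ties the four incident-handling components above (detection, triage, analysis, incident response) to the centralized tracking system tip: it enforces that chronological order, computes a triage priority, and refuses to close an incident until a lesson learned has been recorded. The category weights, severity scale, host-count scoping and incident ids are assumptions made for the example; a real team would set its own.

```python
"""Minimal incident tracker enforcing the CERT-derived lifecycle
detection -> triage -> analysis -> incident response -> closed.
Example code for illustration only; the scoring table is invented."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class Phase(Enum):
    DETECTED = "detection"
    TRIAGED = "triage"
    ANALYZED = "analysis"
    RESPONDED = "incident response"
    CLOSED = "closed"


# The only legal transitions, in the chronological order the notes give.
NEXT_PHASE = {
    Phase.DETECTED: Phase.TRIAGED,
    Phase.TRIAGED: Phase.ANALYZED,
    Phase.ANALYZED: Phase.RESPONDED,
    Phase.RESPONDED: Phase.CLOSED,
}

# Constructed category weights (assumption): how much a category of
# incident raises priority relative to the reported severity.
CATEGORY_WEIGHT = {
    "malware": 3,
    "unauthorized-access": 4,
    "dos": 2,
    "policy-violation": 1,
}


@dataclass
class Incident:
    ident: str
    category: str
    severity: int               # 1 (low) .. 5 (critical), as reported
    affected_hosts: int
    phase: Phase = Phase.DETECTED
    priority: Optional[int] = None   # set during triage
    log: List[str] = field(default_factory=list)      # audit trail
    lessons: List[str] = field(default_factory=list)  # post-incident takeaways


def triage_priority(inc: Incident) -> int:
    """Categorize and prioritize: weight severity by category and by scope."""
    weight = CATEGORY_WEIGHT.get(inc.category, 1)   # unknown category -> lowest weight
    if inc.affected_hosts <= 1:
        scope = 1
    elif inc.affected_hosts <= 10:
        scope = 2
    else:
        scope = 3
    return weight * inc.severity * scope


class IncidentTracker:
    """Centralized record of every incident and where it is in the lifecycle."""

    def __init__(self) -> None:
        self.incidents: Dict[str, Incident] = {}

    def report(self, ident: str, category: str, severity: int, affected_hosts: int) -> Incident:
        # Detection: an incident is reported and enters the system exactly once.
        if ident in self.incidents:
            raise ValueError(f"duplicate incident id {ident}")
        inc = Incident(ident, category, severity, affected_hosts)
        inc.log.append(Phase.DETECTED.value)
        self.incidents[ident] = inc
        return inc

    def advance(self, ident: str, note: str = "") -> Phase:
        """Move one step forward; phases cannot be skipped or revisited."""
        inc = self.incidents[ident]
        if inc.phase == Phase.CLOSED:
            raise ValueError(f"{ident} is already closed")
        nxt = NEXT_PHASE[inc.phase]
        if nxt == Phase.TRIAGED:
            inc.priority = triage_priority(inc)       # queue for action
        if nxt == Phase.CLOSED and not inc.lessons:
            raise ValueError("record lessons learned before closing")
        inc.phase = nxt
        inc.log.append(f"{nxt.value}: {note}" if note else nxt.value)
        return inc.phase

    def queue(self) -> List[str]:
        """Triaged, still-open incident ids, highest priority first."""
        open_ = [i for i in self.incidents.values()
                 if i.priority is not None and i.phase != Phase.CLOSED]
        return [i.ident for i in sorted(open_, key=lambda i: -i.priority)]


if __name__ == "__main__":
    t = IncidentTracker()
    t.report("INC-1", "malware", 3, 5)                # constructed sample reports
    t.report("INC-2", "unauthorized-access", 4, 1)
    for ident in ("INC-1", "INC-2"):
        t.advance(ident)                              # triage both
    print(t.queue())                                  # work the highest priority first
```

Untriaged incidents never appear in the work queue, and the `lessons` check on closure is what keeps the plan fed with the post-incident analysis the tips call for.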
