What are the stages of Incident Response

Stages of Incident Response:

1. method 1

2. method 2

Method 1 (7 steps)

  1. Preparation
  2. Identification
     (categorized by incident type)
  3. Containment
  4. Investigation
  5. Eradication
  6. Recovery
  7. Follow-up

Method 2 (4 steps)

  1. Preparation
  2. Detection and Analysis
  3. Containment, Eradication and Recovery
  4. Post-Incident Activity

--------

http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf

The incident response plan should include the following elements:

  • Mission
  • Strategies and goals
  • Senior management approval
  • Organizational approach to incident response
  • How the incident response team will communicate with the rest of the organization and with other organizations
  • Metrics for measuring the incident response capability and its effectiveness
  • Roadmap for maturing the incident response capability
  • How the program fits into the overall organization

Procedure elements

Sharing information with outside parties:

  • the media
  • law enforcement
  • other outside parties that incident handlers talk to (ISPs, software vendors, etc.)

--

http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf

Handling an incident (response phases):

  1. Preparation
  2. Detection and analysis
  3. Containment, eradication, and recovery
  4. Post-incident activity

Also covered: the incident handling checklist and recommendations.

-----

http://technet.microsoft.com/en-us/library/cc700825.aspx

To instigate a successful incident response plan, you should:

  • Make an initial assessment.

  • Communicate the incident.

  • Contain the damage and minimize the risk.

  • Identify the type and severity of the compromise.

  • Protect evidence.

  • Notify external agencies if appropriate.

  • Recover systems.

  • Compile and organize incident documentation.

  • Assess incident damage and cost.

  • Review the response and update policies.

---------

http://www.sans.org/reading-room/whitepapers/incident/creating-managing-incident-response-team-large-company-1821

Primary Phases of the CSIRT
  a) Identification
     i) Triage Role
     ii) Identification Tasks
  b) Containment
  c) Eradication
  d) Recovery
  e) Lessons Learned

---------

Other sources:

http://ptgmedia.pearsoncmg.com/images/1578702569/samplechapter/1578702569.pdf (stages)
https://msisac.cisecurity.org/resources/guides/documents/Incident-Response-Guide.pdf (has warning) [useful URL]

http://books.google.co.in/books?id=lPEgnnKWpmYC&pg=PA14&lpg=PA14&dq=skills+required+for+incident+response+personnel&source=bl&ots=gYCcMcKYYo&sig=J7_Lslvwq48PPnF39Bckjtvp9do&hl=en&sa=X&ei=MIgZVMaFL8iwuAS_rYCYDw&ved=0CEMQ6AEwBQ#v=snippet&q=technical%20skills&f=false

CISO Platform