Incident Response

After The Storm

You’ve had an incident.  You’ve managed the fall-out, contained the outbreak and restored normal service.  Now is the time to sit down with your incident response teams, your operational teams and other stakeholders and work out how to prevent a recurrence.

During an incident wash-up meeting, you should go over all evidence gathered during the incident, details of actions taken and the reasons why decisions were made given the information available at the time. 

Enacting Your Response

Situational awareness throughout incident response activities is of paramount importance.  As activities are conducted, new information is likely to emerge.  New information may completely change the objectives of your exercise, and teams need to be in constant communication in order to coordinate activities.

Actions assigned to responders during an incident will be informed by the systems and data at risk, business continuity plans for these systems, and the objectives of the incident response exercise.

Identifying The Incident

At some point, your business is likely to have to deal with an incident.  When this happens, being able to accurately identify and classify the incident is key to responding effectively with the minimum impact on your business-as-usual (BAU) operations.  Yesterday, we discussed how proper planning will help you get a robust incident response framework in place.  Today, we are going to look at the sorts of questions you need to ask yourselves in order to be able to identify and classify an incident, and hence tailor your response.

The Five 'P's

It is widely acknowledged that these days, it is not a question of 'if', but 'when' an organisation will need to handle a security incident, and as every project manager knows, Proper Planning Prevents Poor Performance.

When you are reviewing your security controls, planning for a security incident in advance is incredibly important. 

Incident Response Week

Ever wondered if you're prepared for a cyber security incident? This week, one of our Directors, Gemma Moore, is guiding you through incident preparation and handling.

Follow us on Twitter for the mini-how-to series, and view the previous blogs here:

Monday: The Five P's

Tuesday: Identifying The Incident

Wednesday: Defining Your Objectives

Thursday: Enacting Your Response

Friday: After The Storm