In IT security, incident response is the area responsible for responding to cyber incidents, essentially a computer emergency response team. Often these are external service providers.
Incident response encompasses three main tasks, the scope of which varies greatly from provider to provider:
1. Analysis
An incident response team helps with the assessment of an incident and decides, along with those affected, which measures will be effective. These include, for example:
- Reconstruction of events
- Assessment of the extent of damage
- Coming up with concrete recommendations for action
2. Data recovery
In addition, incident response personnel help to resume operations as quickly as possible by attempting to salvage affected devices/services and the data on them. Depending on the incident, a full salvage or recovery is not always guaranteed. The preceding analysis ensures the care needed to prevent re-infection.
- Measures against cyber incidents
- Locating hidden copies of the data
- Proper restoration of backup copies
- Court-admissible preservation of evidence
3. Documentation and follow-up
A final report summarizes key findings and recommendations on how to effectively protect the business in the future.
- Multi-page report that includes a chronicle of events, possible causes and recommendations for action.
- Prerequisite for complying with reporting obligations and insurance requirements.
Related articles
- Advanced Persistent Threat
  Means “sophisticated, persistent threat” and refers to particularly elaborate cyber attacks. Advanced persistent threats are mostly targeted and can cause massive damage, on the one hand via data destruction (sabotage), and on the other hand by spying on particularly valuable data, such as state secrets or product innovations (espionage).
- Data Backup
  Is an alternative term for “backup” and refers to the process of creating backup copies of existing data. -> for more information, see the “Backup” keyword.