
Chapter 9. Network Forensics > Incident Response

Incident Response

Organizations have to be able to respond when a breach occurs. Having a plan, along with the tools and personnel to respond effectively, can go a long way in mitigating the damage.

The National Institute of Standards and Technology (NIST) outlined the incident response life cycle in its Computer Security Incident Handling Guide. We can use this to walk us through an incident from beginning to end. The phases are: preparation, prevention, detection and analysis, containment, eradication and recovery, and postincident activity (Scarfone, Grance, & Masone, 2008).

Preparation—Preparation is key for organizations to respond quickly and effectively to any network security event. There are many steps an entity can take during the preparation phase. Planning is obviously one such step. A network's defenses should also be assessed and tested at regular intervals in order to identify vulnerabilities.


  
