Incident Handling Process
In the past, when developing a security policy, incident handling was often overlooked. The result of that approach was that when an attack was in progress, many decisions were made in haste. Hastily made decisions actually made it more difficult to track down the source of the incident, collect evidence to be used in prosecutions, prepare for the recovery of the system, and protect the valuable data contained on those systems.

One of the most important, but often overlooked, benefits of efficient incident handling is economic. Having both technical and managerial personnel respond to an incident requires considerable resources. If employees are trained to handle incidents efficiently, less staff time is required when an incident occurs. Another benefit is related to public relations. If news comes out about security incidents, an organization's stature among current and potential clients can be damaged. Efficient incident handling minimizes the potential for negative exposure.

As in any set of preplanned procedures, attention must be paid to a set of goals for handling an incident. These goals are prioritized differently depending on the organization. The following list identifies objectives for dealing with incidents:
- Determine what happened
- Plan how to avoid a repeat attack
- Avoid escalation and further incidents
- Assess the impact and damage of the incident
- Recover from the incident
- Update policies and procedures as needed
- Identify the perpetrators
Depending on the nature of the incident, there might be a conflict of priorities between analyzing the original source of the problem and restoring systems and services. Major goals such as assuring the integrity of critical systems may be the reason for not analyzing an incident. This is an important management decision, but everyone involved must be aware that without analysis, the same incident can happen again.