“To formulate an incident-response policy that reduces network downtime when future incidents occur”
Introduction
How prepared is your information technology (IT) department or administrator to handle security incidents? Many organizations learn how to respond to security incidents only after suffering attacks. By then, incidents have often become far more costly than they needed to be. Proper incident response should be an integral part of your overall security policy and risk mitigation strategy. There are clear direct benefits to responding to security incidents well. However, there may also be indirect financial benefits. For example, your insurance company might offer discounts if you can demonstrate that your organization is able to handle attacks quickly and cost-effectively (Wang, 2009).
Or, if you are a service provider, a formal incident response plan might help win business, because it shows that you take the process of good information security seriously.
This document provides a recommended process and set of procedures to use when responding to intrusions identified in a small-to-medium business (SMB) network environment. It explains the value of forming a security incident response team with explicit team member roles, as well as how to define a security incident response plan.
To successfully respond to incidents, you need to:
Minimize the number and severity of security incidents.
Assemble the core Computer Security Incident Response Team (CSIRT).
Define an incident response plan.
Contain the damage and minimize risks.
Main Body
Minimizing the Number and Severity of Security Incidents
In most areas of life, prevention is better than cure, and security is no exception. Wherever possible, you will want to prevent security incidents from happening in the first place. However, it is impossible to prevent all security incidents (Kizza, 2009). When a security incident does happen, you will need to ensure that its impact is minimized. To minimize the number and impact of security incidents, ...