Incident response is the systematic approach to managing and addressing the aftermath of a cyber-attack, computer incident or security breach. The primary purpose of incident response is to ensure that such situations are handled well, so that damage and cost are limited and recovery time is short. These incident response activities are carried out by the organization's incident response team (Choucri et al. 2014).
This paper discusses how to develop an IT incident response plan for an organization. An incident response plan is a plan that helps an organization detect, respond to and reduce the effects of cybersecurity incidents. Incidents such as malware, breaches, viruses, firewall incidents, data breaches, and insider attacks are not disasters in themselves, but they can become one if no quick response is initiated. There is always a need to acknowledge an incident fast, assess its nature and severity, and respond to it appropriately. This, therefore, calls for the development of a clear and effective incident response plan.
A good incident response plan must identify the roles of the different members of the incident response team and describe their responsibilities. The plan should also stipulate the tools, software, technologies, and other resources that the firm will use to combat incidents. These tools should enable it to recover data and restore systems that have been compromised (Choucri et al. 2014). The order of the steps in an organization's response plan depends on various factors such as regulatory compliance requirements and the organization's cybersecurity vulnerabilities. A good incident response plan should have the following steps:
Preparation- the organization should have frameworks for training its users and ICRST on the various kinds of incidents and how best to handle them. This step ensures that the organization is prepared to meet any form of threat that may arise, so that it does not take long to resolve the issue.
Incident reporting- the firm should lay down a protocol for reporting any incident so that appropriate measures can be taken.
Identification- once the team is trained and prepared and there is a suspected incident, the team should be capable of identifying the security incident. The team should use its skills and technologies to determine whether the incident is indeed a threat or not.
Containment- here the team limits the damage caused by the security incident. If it is malware or a virus, the incident response team isolates the damaged or affected systems from those that are not affected, or adds further protection to the whole system. This ensures that the threat does not spread across the entire environment.
Eradication- this step is of fundamental importance to the whole incident response process. Elimination is done by identifying the cause of the incident and its route, and then removing the affected systems from the organization's production environment.
Recovery- after the affected systems are cleared of the threat, which could be malware, a virus or a firewall issue, the systems are cleared for use. They are then allowed back into the production environment. The team ensures that no threat is left behind.
Lessons learned- according to the sages, every day is a learning day. The team should assemble, assess the whole incident, and assess both the response and the entire response plan. From such an assessment, the team learns where they went wrong, what was right about their response and how to improve (Grispos et al. 2014).
Improvement- according to the sages, the room for development is the largest room. From the incident response assessment process, the team will have suggestions on how best to improve the current apparatus, technology, and skills in order to prevent or combat such an incident in the future.
In conclusion, an incident response plan facilitates the detection and ultimate resolution of a cyber-security threat or incident. Having a good incident response plan ensures that an organization responds to such threats effectively and readily, and that the response is proportionate to the anticipated impact of the incident (Buczak & Guven, 2016).