EC-Council: Computer Hacking Forensic Investigator (CHFI-V10)
Module 1: Computer Forensics in Today's World
Incident Response and its Process Flow
Incident response is the process of responding to incidents that may have occurred due to a security breach in a system or network. The goal is to handle incidents in a way that minimizes the damage and reduces recovery time and costs. It is performed by the organization's Computer Incident Response Team (CIRT), which is responsible for identifying how a breach occurred, how to locate the method of breach, and how to mitigate the breach.
Incident response combines various cybersecurity processes under a single procedure for combating incidents, ensuring a quicker response, better control and management, ease of communication, improved use of resources, even distribution of tasks, efficient reporting, and so on.
The steps of the Incident Response process flow are listed below:
▪ Step 1: Preparation for Incident Handling and Response
▪ Step 2: Incident Recording and Assignment
▪ Step 3: Incident Triage
   o Incident analysis and validation
   o Incident classification
   o Incident prioritization
▪ Step 4: Notification
▪ Step 5: Containment
▪ Step 6: Evidence Gathering and Forensic Analysis
▪ Step 7: Eradication
▪ Step 8: Recovery
▪ Step 9: Post-Incident Activities
   o Incident documentation
   o Incident impact assessment
   o Review and revise policies
   o Close the investigation
   o Incident disclosure