6 Steps of Incident Response Plan SANS - Cybersecurity ...


6 Steps of Incident Response Plan SANS: 1. Preparation, 2. Identification, 3. Containment, 4. Data Eradication, 5. Data Recovery, 6. Lessons Learned.

The SANS Institute is a private organization that does information security research and education. In this article we go over the six components of a SANS incident response plan in depth: preparation, identification, containment, eradication, recovery, and lessons learned. Continue reading to learn more about Cynet's 24-hour incident response team and how they may assist your company.

What is an Incident Response Plan: Overview

Incident response helps companies make sure that they are aware of security incidents and can respond rapidly to limit harm. The goal is also to prevent future attacks or situations similar to the one being handled.

6 Steps of Incident Response Plan SANS

1. Preparation

During the first phase, examine and codify the organization's security policy, conduct a risk assessment, identify sensitive assets, determine which significant security incidents the team should focus on, and establish a Computer Security Incident Response Team (CSIRT).

2. Identification

Next, identify which events are security incidents. This may include monitoring the organization's environment for suspicious events. For example, check IT systems for deviations from usual operations and determine whether those deviations are security incidents. Collect additional evidence, determine the type and severity of the occurrence, and document everything.

3. Containment

Once an incident is identified, ensure that it does not spread or cause more damage. For example, take all necessary steps to prevent the attacker from spreading a worm or a virus. Also, make sure that the attacker is not able to access any more of the system's resources.

4. Data Eradication

This step is about making sure that unauthorized information is not kept in any of your systems. For example, take all necessary steps to remove malicious code from the organization's systems. Also, figure out how the data was collected and determine what can be done to prevent additional occurrences.

5. Data Recovery

After you isolate an incident, try to restore the affected systems to their normal state. For example, you can try to recover data that was damaged during the attack. Take all necessary steps to recover the affected systems and restore them to normal operation.

6. Lessons Learned

During this phase, first figure out what caused the security incident and then develop a plan for preventing similar occurrences in the future. For example, if it was a worm outbreak, figure out how it spread through your networks and plan how to stop that from happening again. Also, find out whether there are any regulatory requirements related to this security incident and develop a plan for meeting them. Plan for recovery from future attacks as well as recovery from this attack itself; for example, you will need recovery plans for the case where there are multiple attacks, or where critical systems fail during recovery efforts.

What is a CSIRT?

A Computer Security Incident Response Team (CSIRT) is an organization or group that assists in responding to computer security incidents. For example, a CSIRT can help with incident detection, analysis, and response, and with coordination and collaboration during incident response efforts. A CSIRT can be an organization within the business, or it can be a separate organization that works with the business. Its size and structure will depend on the size of the business and its security needs. A small business may only need one person to respond to security incidents, whereas a large company may need a team of people who specialize in various areas like response coordination, analysis, and incident prevention.