Incident response is an approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). An incident response plan includes a policy that defines, in specific terms, what constitutes an incident and provides a step-by-step process that should be followed when an incident occurs.
DIGITAL TASK FORCE experts assist the customer’s incident response team in handling incidents effectively through the following phases:
Preparation: The organization educates users and IT staff about the importance of updated security measures and trains them to respond to computer and network security incidents quickly and correctly.
Identification: The response team is activated to decide whether a particular event is, in fact, a security incident. The team may contact the CERT Coordination Center, which tracks Internet security activity and has the most current information on viruses and worms.
Containment: The team determines how far the problem has spread and contains the problem by disconnecting all affected systems and devices to prevent further damage.
Eradication: The team investigates to discover the origin of the incident. The root cause of the problem and all traces of malicious code are removed.
Recovery: Data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for any sign of weakness or recurrence.
Lessons learned: The team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence.