What Is an Incident?

Incident response is a vital part of any successful IT program and is frequently overlooked until a major security emergency has already occurred, resulting in untold amounts of unnecessary time and money spent, not to mention the stress associated with responding to a crisis. In the most basic terms, an incident is a situation in which an entity’s information is at risk, whether the situation is real or simply perceived. Common examples of incidents include the following, although the list is by no means complete:

  • A company’s web site is defaced by an intruder. The company seeks to find the perpetrator and recoup financial damages for tarnishing the company’s reputation.

  • An employee at a company is believed to be selling trade secrets to a competitor.

  • A rival corporation is believed to be dialing into a company’s computing systems and downloading financial performance data.

  • A computer virus is spreading among employees by way of infected Microsoft Word document files shared over email.

These situations are serious incidents that could easily result in significant impact to a company if not handled appropriately. Clearly, it is that level of impact that is most important to a business. To a typical corporation, the most severe type of incident is one that adversely affects a business process. Any company that does not understand the potential impact of an information systems security incident need only ask its senior business managers what the impact would be if their business functions were delayed, halted, or otherwise diminished. To exacerbate the situation, business managers and many senior executives are generally not technologists or experts in the underlying IT infrastructure supporting their business process.
