Chapter 8. Incident Handling

A security breach is often referred to as an incident. An incident is any breach that results from an external intruder attack, unintentional damage, an employee testing some new program and inadvertently exploiting a software vulnerability, or a disgruntled employee causing intentional damage. Each of these possible events should be addressed in advance by adequate contingency plans.

The time to think about how to handle a security incident is not after an intrusion has occurred. When a security breach hits, it can cause widespread panic in unprepared corporations, where a flurry of disorganized activity can cause even more disruption as impatient managers try to ascertain the damage while defensive administrators ...
