Responding to Incidents

In the best of worlds, all of your risk management practices will prevent any incidents. However, avoiding all incidents is highly unlikely, so organizations also come up with a plan for how to respond to incidents when they occur.

In the context of IT security, a security incident is any violation of policies or security practices that has the potential to result in an adverse event. NIST SP 800-61, Computer Security Incident Handling Guide, provides several definitions that are helpful in identifying incidents:

An event is any observable occurrence in a system or network.

Adverse events are events with a negative consequence, such as system crashes, network packet floods, unauthorized use of system privileges, unauthorized ...

Get SSCP Systems Security Certified Practitioner All-in-One Exam Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.