The purpose and critical success factors of a computer
incident response team and an incident response plan are as
follows:
- The team allows you to quickly pre-establish the response to
an incident and also helps in minimizing the potential damage.
- It helps in reducing the harm related to incidents,
which helps to save your business.
- It helps to separate ISPs and security services and also educate
staff and the administrators. It increases general security and
helps in coordinating responses from a single point.
- Because everything is prepared in advance, the cost and the
related damage can be minimized.
The major parts of an incident response plan are as
follows:
- Preparation: This step includes the incident
response planning that ensures all the employees of the
organization are properly trained in their roles and
responsibilities under the incident response plan.
- Identification: This step includes
checking whether the incident is a breach or not. Identifying
what has been breached helps in knowing the affected areas
quickly.
- Containment: This step includes deleting
everything when it is discovered that a breach condition has
developed. You can devise a plan to mitigate the damage
caused by the breach.
- Eradication: This step identifies the root
cause of the breach and eliminates it then and there. It
includes removing all malware and making sure all updates run
on time.
- Recovery: In this step, all the affected
systems are recovered and mostly returned to the business
environment.
- Lessons Learned: It includes holding an after-action
meeting after the completion of the investigation. It
includes documenting everything related to the breach.