The Three "R"s of Incident Response: Respond, Recover and (Public) Relations
Posted by: Ben Uphoff in Network Forensics, incident response, tags: incident response, network breaches, public relations, recoveryIncident response (IR) is a critical responsibility for network security analysts and system administrators. Anyone operating a network should have an incident response plan in place so that when a network breach occurs everyone involved knows their roles and responsibilities. If a plan is not in place (or nearly as bad, the employees have not been trained to execute the plan) a simple incident can quickly be blown out of proportion and cause damage to the reputation of the organization and its employees.
To most people, IR means a call to action when a new threat emerges or the network is breached (broken in to). Most people think of IR solely in this capacity but responding to an event or incident is too complex to lump into a single category. This article extends the IR concept by breaking the traditional “response” component into three separate areas:
- Response: the initial set of actions taken by system administrators and security analysts to asses the situation and stop the incident from spreading.
- Recovery: this step involves getting effected machines back online and returning to regular operations.
- (Public) Relations: even after the incident is contained and corrected, there may be PR fallout from the incident. This step is overlooked almost universally.
Entries (RSS)