Tommy Hinderson Incident Response And Its Phases
Incident response refers to a set of policies and procedures that are used to identify, contain, and eliminate cyberattacks of all kinds. The major objective of this process is to help the organisation detect and halt potential attacks rapidly. It further helps to minimize the damage caused and prevent future attacks. Cyber kill chain and incident response are more or less the same.

The NIST incident response framework is a part of the intelligence-driven defence model to easily detect and prevent cyberattacks of all kinds.

Now that we know the basics of incident response, let us look at the different phases of the NIST Incident Response Lifecycle.

Phases of the Incident Response Lifecycle!

The following steps of the incident response occur in the form of a cycle, every time an incident occurs.
● Preparation of the Systems and Procedures:
When preparing for the first time, you will have to review the security measures that are already in place to determine how effective they are. This phase involves assessing risks to identify the vulnerabilities that currently exist and the priority of assets. It also includes refining all existing policies and procedures and writing new ones where they are lacking.

● Identifying Threats:
The cybersecurity training in London helps people identify the threats using several tools and applications. The teams then work to identify all kinds of suspicious activities. When they detect an incident, they need to capture the details of the attack, including its nature, its source and the objective of the attacker.
After a particular incident is confirmed, the communication plans are initiated accordingly. Other people, such as team members, stakeholders, security members and legal counsel, are informed of the incident, and they discuss the next steps to be taken.

● Eliminating Threats:
During and after the containment of the attack, you will get to know the full extent of the attack. By now the teams know which systems and resources are affected, and they begin ejecting attackers and eliminating malware from the system. The process continues until all traces of the attack are removed.

● Recovery and Restoration:
The team then works to bring the updated replacement system online. Usually, the systems are restored without the loss of data, but this is not always possible. The recovery phase lasts for a while, since the team has to monitor the systems to make sure that the attack is not repeated.

● Refinement and Feedback:
This phase is about learning lessons: the team reviews the steps that were taken while responding to the attack. The entire process is examined; members observe what went well and what didn't, and make suggestions for future improvements.

You can take up cyber incident response training if interested in preventing and eliminating cyber-attacks. CERT training will give you the skills to respond rather than just knowing what should be done. A candidate will then be eligible to become an incident response expert.


Comments

By cipdexperts, 5 months ago
cipd level 3 online are professionals with specialized knowledge and expertise in handling assignments related to the Chartered Institute of Personnel and Development (CIPD) qualifications.
By Elis, 2 years ago
Is AcaDemon a good essay writing company? I need assignment help on a difficult subject. Where can I check out an honest and real Academon.com review?
By Alice Morgan, 2 years ago
Incident response framework by The NIST is a great initiative for cybersecurity. I also downloaded this framework for my website of expert CIPD writer Lebanon, so that I may know about all cyber-attacks on my website and on my platform.



