Question
The Chief Financial Officer (CFO) sees you in the lunch room. Knowing that you are leading the company’s incident response initiative, she comes over to your table and asks if you have time to answer a question. You are surprised, but say yes. Her question is simple and to the point: “Can you explain this incident response thing to me, in nontechnical terms, so I can respond appropriately at the next board meeting in the discussion?” In response, you offer to prepare a written outline for the CFO. In one page, outline the major points that need to be addressed and give examples in language suitable for the audience.
Explanation / Answer
Incident Response - Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident, or security incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
Ideally, incident response activities are conducted by the organization's computer security incident response team (CSIRT), a group that has been previously selected to include information security and general IT staff as well as C-suite level members. The team may also include representatives from the legal, human resources and public relations departments. The CSIRT response should comply with the organization's incident response plan (IRP), a set of written instructions that outline the organization's response to a cyberattack.
Importance of incident response - Any incident that is not properly contained and handled can -- and usually will -- escalate into a bigger problem that can ultimately lead to a damaging data breach or system collapse. Responding to an incident quickly will help an organization minimize losses, mitigate exploited vulnerabilities, restore services and processes, and reduce the risks that future incidents pose. Incident response enables an organization to be prepared for the unknown as well as the known and is a reliable method for identifying a security incident immediately when it occurs. Incident response also allows an organization to establish a series of best practices to stop an intrusion before it causes damage.
Incident response plan - An IRP should include procedures for detecting, responding to and limiting the effects of a data security breach. Incident response plans usually include instructions on how to respond to potential attack scenarios, including data breaches, denial of service/distributed denial of service attacks, network intrusions, virus, worm or malware outbreaks, or insider threats. Without an incident response plan in place, an organization may not detect the attack, or it may not follow proper protocol to contain the threat and recover from it when a breach is detected.
There are six key phases of an incident response plan:
Who is responsible for incident response?
Please let me know in case of any clarifications required. Thanks!