The IRT will meet and assess the situation to determine the proper response. Things it will consider include:
- Is the incident real or perceived?
- Is the incident still in progress?
- Is the incident security-related, information discontinuity, or both?
- What data or property is threatened and how critical is it?
- What key business processes are impacted?
- What facilities, staff, systems, IT, or other resources are impacted?
- Is the response urgent?
- Can the incident be quickly contained?
- What is the impact level on the business should the attack succeed? Low Impact, Moderate Impact or High Impact?
- What system or systems are targeted? Where are they located physically and on the network?
- Is the incident inside or outside the physical premises?
- What is the suspected origin of the incident, intrusion, or attack?
- Might a crime have been committed?
Contributed by Citadel Information Group
© Copyright 2017. Citadel Information Group. All Rights Reserved.