In the event of a security or privacy incident, the IRT’s response strategy will address the following questions:
- What needs to be done to contain the incident and prevent the attack from spreading?
- How do we prevent the attack from re-occurring?
- Will the response alert the attacker and do we care?
- What needs to be documented about the incident, including how it occurred, where the attack came from, what the response was, and whether the response was effective?
- What evidence is to be preserved, including hard drives, audit logs, email correspondence, witnesses spoken to, etc.?
- Who needs to be notified, including personnel, clients, law enforcement, insurance, outside information security vendors, the Organization’s attorney, external legal counsel, etc.?

The response strategy for a security incident is to include the following:
- Evidence Preservation
- Containment and Restoration

Contributed by Citadel Information Group
© Copyright 2017. Citadel Information Group. All Rights Reserved.