Provide two 150-word responses, each with a minimum of one APA reference, for RESPONSES 1 AND 2 below. Each response should further discuss the subject or provide more insight. To further understand the responses, below is the discussion post that discusses them. 100% original work, not plagiarized. Must meet the deadline.
RESPONSE 1:
First of all, each part of incident response is absolutely crucial, and the effectiveness of the process greatly diminishes if one of them is missing. Now it could also be noted that some of the steps would actually be impossible without another previous step. On that logic, I am going to pick incident identification. Without incident identification, none of the other steps will be completed, or completed efficiently. In this stage a list of questions is asked and answered through investigation. Questions like: What actually happened? What was compromised? Is this a hack or not? Does this attack cease normal operations? When did it take place? Who discovered it? What is the origin of the attack? What is the type of attack? What malware was used in the attack? As this is the first phase upon discovering the incident, all the different people will be contacted according to the response plan. While investigating there must be no corruption of any evidence. The initial investigators will determine what all is compromised and classify the incident with threat levels. It needs to be determined if the law, shareholders, lawyers, or customers need to be contacted based on the findings. There will be a lot of documentation throughout this process as well. This is all very important, because everything following this will be executed on the knowledge gained in this stage. How well the investigation stage was done and what needs to change will be brought up later in the debriefing and feedback stage, so that it can improve.
Jaron
ePlace Solutions, Inc. (2015). Sample information security incident response plan [ebook]. Available at: <https://www.isbamutual.com/wp-content/uploads/2018/08/Cyber-Incident-Response-Plan.pdf> [Accessed 20 August 2020].
RESPONSE 2:
When considering the phases of incident response, we have incident identification, triage, containment, investigation, analysis and tracking, recovery and repair, and debriefing and feedback. They are, in their own right, all very important steps in the process, but some of the most crucial phases in my opinion are incident identification, containment, and debriefing and feedback.
Incident identification - This step is one of the most important simply for the fact that you cannot react until you know there is a problem. Unfortunately, a lot of the time this work is reactionary instead of proactive. Having skilled people who are able to identify a potential problem early enough can stop large potential damage.
Containment - This step is also important because it is paramount to remove the compromised device from communication with any device that it could potentially affect as early as possible. Along with incident identification, containment of a threat will likely eliminate a potentially much larger incident.
Debriefing and feedback - This phase is an incredibly important tool for anybody not in the IT field. Not only is this where you will inform your higher-ups of the results of your work, but this is also where you can look back at the incident non-objectively and poke holes in the process. This is where you can look for what went well, what did not, and what can be improved upon in the future. Using this step to educate users on detection techniques and basic safety precautions to reduce the risk of damage could help prevent incidents in the first place.
Chris