What do you do if your company experiences a system failure or is hacked by unknown parties, especially when the incident has been made public? You certainly have to do something to maintain the credibility of the business in the eyes of customers. An incident is anything that has an impact on the security of computer systems and networks. In this context, a threat is any observable thing that happens to a computer or network. Threats can take the form of unauthorized connections between computers or networks, unauthorized access to files, system shutdowns, and so on. The resulting side effects include system crashes, packet flooding on the network, unauthorized use of other users' accounts, abuse of system privileges, and destruction of one or more web pages.
In the computer world, security terminology is focused on three attributes known as CIA: Confidentiality (the kinds of information that require protection), Integrity (of information, systems, and services), and Availability (of information, applications, services, systems, and networks). The forms that incidents take are generally classified against this CIA model.
In addition to the standard CIA-oriented incident model, and in line with developments in technology and computer user behavior, a number of new security issues have emerged that must be anticipated, including:
- Reconnaissance
- Repudiation
- Harassment
- Extortion
- Pornography Trafficking
- Organized Crime Activity
- Subversion
- Hoaxes
Incident response is therefore an important part of the computer security lifecycle, which has three components: countermeasures, detection, and incident response.
Reasons Incident Response Is Needed
- New attacks appear more and more frequently.
- Prevention and risk assessment do not prevent all incidents.
- Incidents must be handled quickly and systematically to minimize losses.
- System interconnection and interdependence require collaboration.
After an incident is detected and acknowledged, the next logical step is to assess the type of incident, its impact, location, causes, and characteristics. A number of security responses are then carried out to prevent the same thing from happening again, by improving existing defense mechanisms and procedures.
The incident response team is responsible for receiving, reviewing, and responding to cybersecurity incident reports and activity. The team is formed to conduct comprehensive investigations and to protect systems and data when a cybersecurity incident occurs in the organization. It also contributes to incident prevention by being actively involved in threat assessment and detection, mitigation planning, and review of the organization's information security architecture.
Incident Response
- Detect As Soon As Possible
- Diagnosis As Accurate As Possible
- Control Incidents as Precisely as Possible
- Control Impact to a Minimum
- Restore Affected Services
- Find the Main Cause
- Prevent Further Incidents
- Adequate protection of critical information assets
- Minimize risk to an acceptable level
- All stakeholders understand the IRP (incident response plan) and their role in it
- Root causes of all incidents are adequately addressed
- Better documentation and communication
- Increased security awareness
- Assurance to all parties affected by the incident
Incident Response Management
- Incident management prevents incidents from occurring
- Operational aspects of risk management
- The goal is to minimize and manage the impact of the incident
- Risk management and BIA (business impact analysis) determine resource priorities
- An incident response program and plan are needed
In addition to reporting to the authorities, you must also have an incident response plan. Ideally this plan is prepared in advance, so that you are ready to face business challenges amid the rapid development of networking technology. An incident response plan must be detailed and must include several scenarios to be carried out in the event of a data security breach or network failure. Incident response documents vary depending on the needs of each company.