10.4 Incident handling procedures

The flowcharts in Figures 10.1 to 10.3 show the basic steps you should take to build your incident handling response system.

Figure 10.1

Figure 10.2

Figure 10.3

  1. We start out with an incident. The incident is detected or reported into the system.

  2. A focal point contact will review the incident and decide on its severity (and may consult with other members on the needed course of action).

  3. A severity will be assigned. The level of response will reflect the severity of the incident.

  4. The required team members will be contacted and the needed action will be implemented.

  5. An initial fix may be required. If so, the fix will be attempted. If not, a permanent solution will be developed and implemented.

  6. One step that is missing is the analysis of the cost impact to the company. This will need to be considered and reported. The cost analysis can impact the "lessons learned" part of the process.

  7. Finally, the security policies need to be updated based on what was learned from the incident.

Internet Security: A Jumpstart for Systems Administrators and IT Managers
ISBN: 1555582982
EAN: 2147483647
Year: 2003
Pages: 103
Authors: Tim Speed, Juanita Ellis
