An incident is an event that might be, or could lead to, a loss of or disruption to business operations.
The goal is to minimize negative impact, restore business quickly and ensure service quality levels.
Incident management involves the activities to identify, analyze and correct hazards to prevent recurrence. It is a process to restore services to normal as quickly as possible after an incident while minimizing the impact on business.
Cyber Security Incident Management
The NCSC defines a cyber security incident as: “A breach of a system’s security policy in order to affect its integrity or availability, the unauthorised access or attempted access to a system”.
In a cyber incident management system, we place importance on the learning phase and on being proactive. Our focus is not merely on protection, but on being prepared for any incidents that might happen and dealing with them on the fly.
Cyber security incident management is a cycle that consists of a preparation phase, an incident detection phase and a phase of incident containment, mitigation and recovery. The final phase consists of drawing lessons from the incident in order to improve the process and prepare for future incidents.
As cyber security threats continue to grow in volume and sophistication, an organization should be able to react to such incidents in an appropriate manner. So it is important to decide how an organization will handle certain situations ahead of time rather than during an incident. This is where an incident response plan becomes important. Make a plan to reduce damage, costs and recovery time and to communicate with internal and external stakeholders. It is important to review and update the plan regularly, on a yearly basis and as part of the post-incident review.
Need of Incident Response Plan
One of the largest attacks on sensitive personal information in recent years was the Equifax security breach. The data of 143 million American consumers, including SSNs (Social Security Numbers) and driving license details, was compromised. This was in fact the third major cybersecurity threat since 2015.
The Equifax breach shows that no security or defensive IT system is 100% foolproof. An expert IT or cyber security team can ensure preventive measures to the extent possible, but we should not depend entirely on them. The organization should keep itself updated on, and prepared for, future threats, which would help it deal with incidents on the fly as they happen.