Introduction: Respond to Cyber Attacks
Get an overview of how to respond to security threats.
“What happens is not as important as how you react to what happens.” – Ellen Glasgow
Being perpetually prepared
It’s not a matter of if but when a security incident will hit; it’s only a matter of time. Even if an entity has been lucky enough not to experience a significant security incident to date, the appropriate stance is to assume it will happen at some point. This perspective helps ensure that preparations actually take place.
Severity of security threats
An incident is the most severe kind of information security issue when compared to alerts or events. In order of increasing severity:
- Alert
- Event
- Incident
Transitioning from events to incidents appropriately
There will be some events that are severe enough that they are escalated to incident status. This is not done lightly, as a typical security incident requires the entire team’s focus to stop the damage and bring systems back to their pre-incident state (which can take several hours or even days). Declaring an incident should involve getting prior approval from leadership and having a response plan available to effectively and efficiently address the issue.
Blueprint of what will be covered
This chapter covers the response and remediation of security events and incidents. If a security team operates under the assumption that a serious security incident will eventually occur, they’ll be prepared when one does. Operating under the belief that the organization is immune to attack provides only a false sense of security and is a setup for certain failure.
Maturity levels aren’t included in this chapter.