Source: All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8, pp. 883-884.

ted by automated security controls, the first stage carried out by the incident response team should be triage. Triage in this sense is very similar to triage conducted by medics when treating people who are injured. The crux of it is, “Is this person really hurt?” “How bad is this person hurt?” “What type of treatment does this person need (surgery, stitches, or just a swift kick in the butt)?” So that’s what we do in the computer world too. We take in the information available, investigate its severity, and set priorities on how to deal with the incident.

This begins with an initial screening of the reported event to determine whether it is indeed an incident and whether the incident-handling process should be initiated. A member of the incident response team should be responsible for reviewing an alert to determine if it is a false positive. If the event is a false positive, then it is logged and the incident response process for this particular event is complete. However, if the event is determined to be a real incident, it is identified and classified. Incidents should be categorized according to their level of potential risk, which is influenced by the type of incident, the source (whether it’s internal or external), its rate of growth, and the ability to contain the damage. This, in turn, determines what notifications are required during the escalation process, and sets the scope and procedures for the investigation.

Once we understand the severity of the incident taking place, we move on to the next stage, which is investigation. Investigation involves the proper collection of relevant data, which will be used in the analysis and following stages.
The goals of these stages are to reduce the impact of the incident, identify the cause of the incident, resume operations as soon as possible, and apply what was learned to prevent the incident from recurring. It i...
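The screening, classification and escalation steps described above can be modelled as a small triage pipeline. The following Python is an added example, not code from the book: the book only names the four risk factors (incident type, internal or external source, rate of growth, containability) and says they drive notifications; the weights, thresholds, role names and sample alerts below are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Severity(Enum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4


@dataclass
class Alert:
    """A reported event as it arrives from a monitoring control (constructed for this example)."""
    alert_id: str
    incident_type: str      # e.g. "policy_violation", "malware", "unauthorized_access", "dos", "data_exfiltration"
    source: str             # "internal" or "external"
    growth_rate: str        # "static", "slow" or "fast": how quickly the incident is spreading
    containable: bool       # whether existing controls can contain the damage
    false_positive: bool    # the analyst's verdict from the initial screening


@dataclass
class TriageResult:
    alert_id: str
    is_incident: bool
    score: int
    severity: Optional[Severity]
    notify: List[str] = field(default_factory=list)
    log: List[str] = field(default_factory=list)


# Assumed weights: how much each of the four factors named in the text contributes to risk.
TYPE_WEIGHT = {"policy_violation": 1, "malware": 2, "unauthorized_access": 3, "dos": 3, "data_exfiltration": 4}
SOURCE_WEIGHT = {"internal": 1, "external": 2}
GROWTH_WEIGHT = {"static": 0, "slow": 1, "fast": 2}
UNCONTAINABLE_PENALTY = 3

# Assumed escalation matrix: which roles are notified at each severity level.
NOTIFICATIONS = {
    Severity.LOW: ["irt-oncall"],
    Severity.MEDIUM: ["irt-oncall", "security-manager"],
    Severity.HIGH: ["irt-oncall", "security-manager", "ciso"],
    Severity.CRITICAL: ["irt-oncall", "security-manager", "ciso", "legal", "executive-team"],
}


def risk_score(alert: Alert) -> int:
    """Combine incident type, source, growth rate and containability into one risk score (2..11)."""
    score = (TYPE_WEIGHT.get(alert.incident_type, 2)
             + SOURCE_WEIGHT[alert.source]
             + GROWTH_WEIGHT[alert.growth_rate])
    if not alert.containable:
        score += UNCONTAINABLE_PENALTY
    return score


def severity_for(score: int) -> Severity:
    """Assumed thresholds mapping the risk score to a severity class."""
    if score >= 9:
        return Severity.CRITICAL
    if score >= 6:
        return Severity.HIGH
    if score >= 4:
        return Severity.MEDIUM
    return Severity.LOW


def triage(alert: Alert) -> TriageResult:
    """Initial screening first; real incidents are then classified and their escalation list set."""
    if alert.false_positive:
        # False positive: log it and close the process for this event; nobody is escalated.
        return TriageResult(alert.alert_id, False, 0, None,
                            log=[f"{alert.alert_id}: false positive, logged, process complete"])
    score = risk_score(alert)
    sev = severity_for(score)
    return TriageResult(alert.alert_id, True, score, sev,
                        notify=list(NOTIFICATIONS[sev]),
                        log=[f"{alert.alert_id}: classified {sev.name} (score {score})"])


def prioritize(alerts: List[Alert]) -> List[TriageResult]:
    """Triage a batch and order the real incidents by descending risk so the worst is handled first."""
    results = [triage(a) for a in alerts]
    return sorted((r for r in results if r.is_incident), key=lambda r: r.score, reverse=True)


if __name__ == "__main__":
    # Constructed sample alerts.
    sample = [
        Alert("A-1", "policy_violation", "internal", "static", True, False),
        Alert("A-2", "data_exfiltration", "external", "fast", False, False),
        Alert("A-3", "malware", "external", "slow", True, False),
        Alert("A-4", "dos", "external", "fast", True, True),   # screened out as a false positive
    ]
    for r in prioritize(sample):
        print(r.log[0], "-> notify", ", ".join(r.notify))
```

The point of the example is the ordering of decisions: the false-positive check runs before any scoring, so a screened-out event never reaches the escalation matrix, and the severity class alone determines who is notified, which keeps the notification step reproducible rather than left to whoever is on call.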
This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.
