Incident Response (IR) Revamp
Incident response efforts are summarized into six steps, which are discussed in this section. Preparation, the first step, involves training users and IT employees to respond to network and computer security incidents correctly and quickly. They are also trained on the importance of updating computer security measures. The second step is identification of the causative agents of the security issue when security has been interfered with. This includes liaising with CERT centers, which track internet security, to obtain information on malware.
The third step is containment; it involves determining which systems are affected by the malware and taking measures to ensure the malware does not spread to unaffected systems. This is done by containing such systems, or by disconnecting the affected systems from the others, thereby preventing further damage.
………………………Middle of paper……………………………
The third category is the Mission-Support Information System; it covers any system that an organization does not need to complete its mission and whose loss would have only a limited adverse impact on accomplishing that purpose (The University of Texas Health Science Center at San Antonio, 2009).
Log management is valuable in Incident Response because it ties logs to user identities, so the activity of a user can be tracked. In case of a security issue, the user who introduced the malware can be identified, along with the type of malware. If this technology is not utilized, Incident Response may spend a lot of time trying to identify the user and the malware, when this could have been completed in a short time. Therefore, it ensures efficiency.
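The correlation described above, tying a malware alert back to a user identity, can be sketched as follows. This is an added example, not part of the original essay; the log format, host names, user names and signatures are constructed for illustration.

```python
from datetime import datetime

# Constructed sample logs in an assumed "timestamp key=value ..." format.
SESSION_LOG = """\
2024-03-04T08:55:10 event=logon user=asmith host=WS-014
2024-03-04T09:02:41 event=logon user=bjones host=WS-022
2024-03-04T12:01:03 event=logoff user=asmith host=WS-014
2024-03-04T12:30:47 event=logon user=cdoe host=WS-014
"""
ALERT_LOG = """\
2024-03-04T10:17:26 event=malware_detected host=WS-014 signature=Sample.Trojan.A
2024-03-04T12:15:00 event=malware_detected host=WS-014 signature=Sample.Worm.B
2024-03-04T13:05:12 event=malware_detected host=WS-022 signature=Sample.Trojan.A
"""

def parse(log):
    """Parse 'timestamp key=value ...' lines into dicts with a datetime under 'time'."""
    records = []
    for line in log.splitlines():
        stamp, *pairs = line.split()
        records.append({"time": datetime.fromisoformat(stamp),
                        **dict(p.split("=", 1) for p in pairs)})
    return records

def build_sessions(records):
    """Pair logon/logoff events into (user, host, start, end); end is None if still open."""
    open_sessions, sessions = {}, []
    for rec in sorted(records, key=lambda r: r["time"]):
        key = (rec["user"], rec["host"])
        if rec["event"] == "logon":
            open_sessions[key] = rec["time"]
        elif rec["event"] == "logoff" and key in open_sessions:
            sessions.append((*key, open_sessions.pop(key), rec["time"]))
    sessions += [(u, h, start, None) for (u, h), start in open_sessions.items()]
    return sessions

def attribute_alerts(session_log, alert_log):
    """For each alert, list the users with a session on that host at the alert time."""
    sessions = build_sessions(parse(session_log))
    results = []
    for alert in parse(alert_log):
        users = sorted(u for u, h, start, end in sessions
                       if h == alert["host"] and start <= alert["time"]
                       and (end is None or alert["time"] <= end))
        results.append((alert["host"], alert["signature"], users))
    return results

if __name__ == "__main__":
    for host, signature, users in attribute_alerts(SESSION_LOG, ALERT_LOG):
        print(host, signature, users or "no active session")
```

The second alert falls between two sessions on WS-014, so the session log alone cannot attribute it and other log sources would be needed.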