Incident response is planned action in response to adverse events affecting systems, networks, and data. Response to an incident can range from recording the incident to alerting an incident response team to initiating legal action against malicious individuals. The best way to deal with incidents affecting information security is to follow a planned approach laid out in a carefully developed security policy. Such policies should outline what response is suitable for each type of incident, the individuals responsible for handling the situation, and appropriate escalation procedures to follow if necessary.
Incident response is a systematic activity designed to minimize the impact of information loss or theft, assist the company in recovering from the incident and resuming normal business practice as quickly as possible, and help set in place procedures to prevent recurrence of such incidents in the future.
Note: Incident response is generally limited to incidents whose origin is malicious in nature. Incidents caused by natural disaster or accident are more properly handled by disaster recovery teams.
Incident response teams can be either internally developed teams drawn from various departments or an external team brought in under contract. Incident response teams are trained to respond to computer security incidents in a careful, methodical manner that helps the affected company recover quickly from the incident and resume normal business activities as soon as possible. Incident response teams may also deal with legal issues regarding theft of information and may have legal counsel as part of their extended team.
The CERT Coordination Center (CERT/CC), a center of Internet security expertise operated by Carnegie Mellon University, provides training and advice on how to develop computer security incident response teams. CERT/CC refers to an incident response team as a Computer Security Incident Response Team (CSIRT) and offers a one-day course designed for managers tasked with implementing such a team for their companies.















