by Hal Flynn
OPERATIONS MANUAL Information Protection Center
OPERATIONS MANUAL: Stage 1 - Active: Response Phase
The highest priority task for the IPC is to respond to incidents as they occur. This may involve working with the affected organisation to determine the cause of the incident and help them to become secure again, or it may involve finding a solution to a vulnerability that is actively being exploited to compromise many organisational assets. Reactive response is always done on a priority basis and involves three stages--containment, eradication and recovery--followed by a post-incident analysis. Whatever is done must be consistent with security policies.
Keep in mind that careful protection of evidence for secondary analysis or prosecution:
A good primer on incident response is "Who ya gonna call?" by Carole Fennelly. The scenarios presented are a good sampling of the variety of situations that may arise.
The steps that must be followed are presented in the administration incident handling checklist. The following elaborates on these steps:
Original development of these pages was supported by the Province of Manitoba
The content is maintained by Andrew Mackie
Last modified: April 28, 2000
This article originally appeared on SecurityFocus.com -- reproduction in whole or in part is not allowed without expressed written consent.