
THE SEVEN STAGES OF INCIDENT RESPONSE

1. Preparation

Preparation is the first stage of incident response and is essential for every organization, because it prepares the organization for the worst. It identifies how an incident begins and how recovery from it proceeds, and defines a way to get everything back to a normal state. It also creates and establishes security policies.

2. Identification

The purpose of identification is to identify the actual incident. Initially you ask your team whether one or more unusual activities have been observed. After that answer has been established, you check the affected system and its areas to identify the actual incident.

3. Containment

Once the incident has been identified by your team, the next step is to contain the issue; the essential areas of coverage are listed below:

- Consider how to keep the available critical computing resources protected.
- The operational status of infected systems should be determined first.

4. Investigation

At this stage your team determines what actually happened to the affected computer or system.

5. Eradication

Eradication is the process of getting rid of the actual issue. The restriction on this process is that it should take place only after all external and internal actions have been completed.

6. Recovery

Recovery is the process of returning to normal after the issue has been removed from the infected computer, system or network. There are two steps to recovery.

7. Follow-Up

After everything has been returned to normal, there are a few follow-up questions that should be answered to ensure the process was sufficient and effective.

IT Assets

To bring changes to your IT structure and assets, build business cases that help govern and measure the delivery of information technology. IT roadmaps must be designed in sync with functional and business goals, and stakeholder roles and responsibilities must be defined. Work with the team that manages investments in your business processes to maximize value, assess the use of existing technology and operations, and modernize the information technology infrastructure (Richard Bejtlich).

Appropriate Project controls

“Project controls are the data gathering, management and analytical processes used to predict, understand and constructively influence the time and cost outcomes of a project or program; through the communication of information in formats that assist effective management and decision making” (Simeon Ochiche).

- Development of a project strategy by defining methods that will enhance the outcomes of the project.
- Scheduling of updates and maintenance for the software.
- Estimation of project costs, which includes engineering and controlling as well as estimating and assessing the value of the project.
- Risk management, which includes assessing and analyzing risks for a project, cataloging risks that occurred in the past, and addressing how to avoid future risks.

Incident response and forensics

To properly respond to and address incidents across the organization, a centrally organized team must be prepared to respond to these incidents. This team handles incidents across the organization, is responsible for analyzing breaches of the organization’s security, and is able to take any necessary responsive measures in case of an incident (Holley, James, 2001). This IR team should consist of the core people listed below:

- Incident Response Manager: The team manager is responsible for the appropriate actions against incidents and also oversees and prioritizes actions during the detection and analysis of an incident. During containment, they are also responsible for conveying the special requirements of high-severity incidents to the rest of the organization.
- Security Analysts: The team of security analysts backs the manager and works directly with the affected network to research and analyze the time, location and further details of the incident. The two types of analysts are listed below:
  - Triage Analysts: This team filters out false positives and watches for potential intrusions.
  - Forensic Analysts: Their work is to recover key artifacts, maintain evidence integrity and ensure a forensically sound investigation.
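The evidence-integrity duty of the forensic analysts described above is commonly met by hashing every recovered artifact at collection time and sealing the resulting manifest. The following is an added example, not code from the original essay; it assumes a workflow in which each artifact is hashed with SHA-256, the hash is recorded with the collector's name and a timestamp, and the manifest is sealed with an HMAC under a key held by the IR team so that later changes to either the artifacts or the manifest itself are detectable. The artifact contents and the key are constructed sample values.

```python
"""Evidence-integrity manifest for a forensic collection (added example)."""
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Constructed sample artifacts; in practice these would be files or disk images
# read from the collection media, keyed by their original path.
SAMPLE_ARTIFACTS: Dict[str, bytes] = {
    "host01/var/log/auth.log": b"Jan 10 02:14:07 host01 sshd[4121]: Accepted password for svc\n",
    "host01/memory.raw": b"\x00\x01\x02constructed-memory-dump\x03\x04",
}

# Constructed team key; a real key would be held in the IR team's secrets store.
MANIFEST_KEY = b"constructed-ir-team-key"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


def _canonical(entries: List[dict]) -> bytes:
    """Deterministic serialization so the seal covers exactly the recorded entries."""
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(artifacts: Dict[str, bytes], collector: str, key: bytes,
                   collected_at: Optional[str] = None) -> dict:
    """Record hash, size, collector and timestamp per artifact, then seal the record."""
    stamp = collected_at or datetime.now(timezone.utc).isoformat()
    entries = [
        {"path": path, "sha256": sha256_hex(data), "size": len(data),
         "collector": collector, "collected_at": stamp}
        for path, data in sorted(artifacts.items())
    ]
    seal = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "seal": seal}


def verify_manifest(manifest: dict, artifacts: Dict[str, bytes], key: bytes) -> List[str]:
    """Return a list of problems found; an empty list means the evidence set is intact."""
    problems: List[str] = []
    expected_seal = hmac.new(key, _canonical(manifest["entries"]), hashlib.sha256).hexdigest()
    # A seal mismatch means the manifest entries themselves were edited after sealing.
    if not hmac.compare_digest(expected_seal, manifest["seal"]):
        problems.append("manifest seal mismatch: manifest entries were altered")
    recorded = {e["path"]: e for e in manifest["entries"]}
    for path, entry in recorded.items():
        if path not in artifacts:
            problems.append(f"missing artifact: {path}")
        elif sha256_hex(artifacts[path]) != entry["sha256"]:
            problems.append(f"hash mismatch: {path}")
    for path in artifacts:
        if path not in recorded:
            problems.append(f"unrecorded artifact: {path}")
    return problems


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_ARTIFACTS, "analyst-a", MANIFEST_KEY)
    print("intact:", verify_manifest(manifest, SAMPLE_ARTIFACTS, MANIFEST_KEY) == [])
    tampered = dict(SAMPLE_ARTIFACTS)
    tampered["host01/memory.raw"] = b"altered after collection"
    print("after tampering:", verify_manifest(manifest, tampered, MANIFEST_KEY))
```

The HMAC seal is what separates this from a plain hash list: an attacker who can rewrite an artifact could also rewrite its recorded hash, so the manifest must be bound to a key the team controls. The verification function reports every discrepancy rather than stopping at the first, which is what an analyst needs when documenting which items of a collection remain admissible.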


Works Cited

Holley, James. “Computer Forensics.” SCInfo Security Magazine. September 2000. URL: http://www.scmagazine.com/scmagazine/2000_09/survey/survey.html#secure (March 1, 2001).

Robbins, Judd. “An Explanation of Computer Forensics.” URL: http://crime.about.com/newsissues/crime/gi/dynamic/offsite.htm?site=http%3A%2F%2Fknock-knock.com%2Fforens01.htm (March 1, 2001).
