What to Check after an IT Security Incident
The IT world is changing – with new technology, mobile capabilities, applications and social media, businesses are finding it more and more difficult to protect their important data and comply with ever changing regulations.
Coming up with an effective Incident Response Plan (IRP) can enable Security Operations Centers (SOCs) to reduce the negative impacts of an IT security incident.
It’s important to keep in mind that breaches happen, despite the time and money spent to prepare and prevent a security incident from happening in the first place. Here are some key things to check after an IT security incident occurs:
- Discover The Systems & Data That Were Affected
An effective remediation process begins with discovering the systems and data affected during an incident. This step can also potentially prevent additional information from being stolen.
- Isolate The Systems & Networks
Steps like disabling user accounts and changing user credentials can isolate any affected systems from the network.
- Discover How The Breach Occurred
Work to establish a checklist of evidence that will summarize information on how the attack happened. Include details such as who reported the incident, how the incident was discovered, and the time of the incident.
- Discover Who Breached Your Company
While not always possible, this information can help your company restructure its IT infrastructure by providing the motivation behind the breach of their company, and whether it was external or internal.
- Restore Functionality To Affected Systems & Networks
After eliminating the threat from your company’s IT infrastructure, it’s time to restore functionality of all systems and accounts. Steps like reinstalling systems to the environment, securely erasing hard drives, and re-enabling affected user accounts should be taken.
To read the entire article, please visit www.business2community.com