This essay has been submitted by a student. This is not an example of the work written by professional essay writers.

Overview of Incident Response Process in Computer Security



An incident is any event in an information system or network where the results are abnormal [1]. It can also be considered a situation that differs from normal routine operations. Numerous causes can lead to an incident. According to their significance, however, the results can generally be classified into three classes: low-impact incidents, moderate-risk incidents, and high-level risk exposure incidents. When incidents occur, an organization performs certain steps to deal with the abnormal results. These steps are known as the incident response process.

The level of response is determined primarily by information criticality, and by business decisions as well. The goals of an incident response process can be summarized as follows: to confirm and fix the incident; to protect and secure the evidence; to mitigate its influence; to provide reports or recommendations, etc. How the incident response is performed in practice depends on hardware/software architectures, budget, manpower, resources, commitment, etc.

When a suspected incident is discovered and characterized, the initial response kicks in. As a cyber first responder, it’s your responsibility to do as much as possible to mitigate the damage or loss of evidence, since evidence can be tampered with or destroyed as time passes; all evidence ought to be collected forensically and protected properly. Protecting and securing evidence is an indispensable step of the initial response and plays an important role in the incident response process.

First of all, the suspect needs to be removed from the company mail domain and network domain. The system administrator cancels all his/her access to any systems and resources. All passwords the suspect used before are deactivated and reset. His/her access to data storage is also revoked. Secondly, a full backup needs to be performed of each disk configured on the laptop in case any security issue arises. The backup needs to be encrypted. All emails and internet browser history are required to be encrypted and backed up as well, so that unwanted persons have no access to this information. Then, disable any wired and wireless internet connection to avoid remote control. LAN access is allowed. A recovery is also necessary to restore destroyed or lost data, and antivirus software is run to remove any potential malware. Booting from CD or USB is disabled, which avoids damage to the evidence due to booting.

Meanwhile, the laptop’s hardware needs to be encrypted to prevent unwanted access to and damage of the data. The laptop needs to be investigated thoroughly. After all the security checks and protective actions have been implemented, the evidence is transported to the organization, where physical security of the evidence laptop is also necessary. It is important to safeguard evidence from tampering and from extremes in temperature, humidity, magnetic fields, and vibration. In practice, put the laptop in a static-free bag with foam packing material and then store it in a cardboard box. All evidence should be properly stored in an evidence room with restricted access, entry-logging capability, and camera monitoring. By using all the methods mentioned above, the evidence will not be manipulated or damaged by any means, and proper securing and protection of the evidence can be easily achieved.
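The backup, transport and evidence-room steps above only protect evidence if later tampering can be detected. The following added example (not part of the original essay) sketches one way to do that: a SHA-256 digest of the backup image plus a hash-chained custody log. The handler names, timestamps and image bytes are constructed, and the function names are assumptions made for this illustration.

```python
import hashlib
import json

def sha256_stream(chunks):
    """Digest an image supplied as an iterable of byte chunks (e.g. file reads)."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()

def _entry_hash(entry):
    # Hash a canonical JSON form of every field except the entry's own hash.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, when, handler, action, image_digest):
    """Append a custody record chained to the previous record's hash."""
    entry = {
        "when": when, "handler": handler, "action": action,
        "image_sha256": image_digest,
        "prev_hash": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry

def verify(log, current_image_digest):
    """Return a list of problems; an empty list means log and image are intact."""
    problems = []
    prev = "0" * 64
    for i, e in enumerate(log):
        if e["prev_hash"] != prev or e["entry_hash"] != _entry_hash(e):
            problems.append(f"entry {i}: log record altered or reordered")
        if e["image_sha256"] != current_image_digest:
            problems.append(f"entry {i}: image digest mismatch")
        prev = e["entry_hash"]
    return problems

# Constructed sample: stand-in bytes for the laptop's backup image.
IMAGE = [b"constructed disk image block 1", b"constructed disk image block 2"]
DIGEST = sha256_stream(IMAGE)
LOG = []
append_entry(LOG, "2024-01-01T09:00Z", "responder-a", "full backup taken", DIGEST)
append_entry(LOG, "2024-01-01T11:30Z", "responder-a", "transported to organization", DIGEST)
append_entry(LOG, "2024-01-01T12:10Z", "custodian-b", "stored in evidence room", DIGEST)
```

Re-hashing the stored image and calling `verify(LOG, digest)` at each hand-off shows whether either the image or an earlier custody record has changed since it was written.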


Overview of Incident Response Process in Computer Security. (2020, July 14). GradesFixer. Retrieved January 27, 2023, from