close
test_template

Overview of Incident Response Process in Computer Security

About this sample

About this sample

close

Words: 524 |

Page: 1|

3 min read

Published: Jul 15, 2020

Words: 524|Page: 1|3 min read

Published: Jul 15, 2020

An incident is any event in an information system or network where the results are abnormal [1]. It can also be considered as a situation that differs from normal routine operations. There are numerous reasons can lead to an incident. However, according to the significance, the results can be classified into three classes, generally, which are low-impact incident, moderate-risk incident, and high-level risk exposure incident. When incidents occur, certain steps will be performed by an organization to deal with the abnormal results. These steps are also known as the incident response process.

'Why Violent Video Games Shouldn't Be Banned'?

The level of response is determined by, primarily, information criticality and business decision as well. The goals of an incident response process can be summarized as following: to confirm and fix incident; to protect and secure the evidence; to mitigate its influence; to provide reports or recommendations, etc. How will the incident response be performed in practice, will be related to hardware/software architectures, budget, manpower, resources, and commitment, etc. When suspected incident is discovered and characterized, initial response kicks in. As a cyber first responder, it’s your responsibility to do as much as possible to mitigate the damage or loss of evidence, since evidence can be tampered with or destroyed as time passes; and all evidences ought to be collected forensically and protected properly. As an indispensable step in incident initial response, protecting and securing evidences play an important role in incident response process. First of all, the suspect need to be removed from company mail domain and network domain. The system administrator will cancel all his/her access to any systems and resources. Deactivate and reset all passwords this suspect used before. His/her access to data storage is also revoked. Secondly, a full backup need to be performed of each disk configured on the laptop in case of any security issue arises. The backup need to be encrypted. All emails and internet browser history are required to be encrypted and backed up as well, so that unwanted person has no access to this information. Then, disable any wired and wireless internet connection to avoid remote controlling. LAN access is allowed. A recovery is also necessary to restore destroyed or lost data. And run antiviruses software to remove any potential malware. Booting from CD or USB will be disabled, which avoids the damage of the evidence due to booting.

Meanwhile, the laptop’s hardware need to be encrypted to prevent from unwanted accessing and damaging of the data. The laptop need to be investigated thoroughly. After all the security checks and protection action implementation, evidence will be transport to organization, where physical security of the evidence laptop is also necessary. It is important to safeguard evidence from tampering and extremes in temperature, humidity, magnetic fields, and vibration. In practical, put the laptop in static-free bag with foam packing material and then store it in cardboard box. All evidence should be properly stored in an evidence room with restricted access, entry-logging capability, and camera monitoring. By using of all the methods mentioned above, the evidence will not be manipulated or damaged by any means. A proper securing and protecting of the evidence can by easily achieved.

Image of Alex Wood
This essay was reviewed by
Alex Wood

Cite this Essay

Overview of Incident Response Process in Computer Security. (2020, July 14). GradesFixer. Retrieved March 28, 2024, from https://gradesfixer.com/free-essay-examples/overview-of-incident-response-process-in-computer-security/
“Overview of Incident Response Process in Computer Security.” GradesFixer, 14 Jul. 2020, gradesfixer.com/free-essay-examples/overview-of-incident-response-process-in-computer-security/
Overview of Incident Response Process in Computer Security. [online]. Available at: <https://gradesfixer.com/free-essay-examples/overview-of-incident-response-process-in-computer-security/> [Accessed 28 Mar. 2024].
Overview of Incident Response Process in Computer Security [Internet]. GradesFixer. 2020 Jul 14 [cited 2024 Mar 28]. Available from: https://gradesfixer.com/free-essay-examples/overview-of-incident-response-process-in-computer-security/
copy
Keep in mind: This sample was shared by another student.
  • 450+ experts on 30 subjects ready to help
  • Custom essay delivered in as few as 3 hours
Write my essay

Still can’t find what you need?

Browse our vast selection of original essay samples, each expertly formatted and styled

close

Where do you want us to send this sample?

    By clicking “Continue”, you agree to our terms of service and privacy policy.

    close

    Be careful. This essay is not unique

    This essay was donated by a student and is likely to have been used and submitted before

    Download this Sample

    Free samples may contain mistakes and not unique parts

    close

    Sorry, we could not paraphrase this essay. Our professional writers can rewrite it and get you a unique paper.

    close

    Thanks!

    Please check your inbox.

    We can write you a custom essay that will follow your exact instructions and meet the deadlines. Let's fix your grades together!

    clock-banner-side

    Get Your
    Personalized Essay in 3 Hours or Less!

    exit-popup-close
    We can help you get a better grade and deliver your task on time!
    • Instructions Followed To The Letter
    • Deadlines Met At Every Stage
    • Unique And Plagiarism Free
    Order your paper now