In IT security, incident response is the function responsible for responding to cyber incidents: in effect, a computer emergency team. These teams are often external service providers.
Incident response encompasses three main tasks, the scope of which varies greatly from provider to provider:
1. Analysis
An incident response team helps with the assessment of an incident and decides, along with those affected, which measures will be effective. These include, for example:
- Reconstruction of events
- Assessment of the extent of damage
- Concrete recommendations for action
2. Data recovery
In addition, incident response personnel help to resume operations as quickly as possible by attempting to salvage affected devices and services and the data on them. Depending on the incident, a full salvage or recovery is not always guaranteed. The preceding analysis provides the care needed to prevent reinfection.
- Measures against cyber incidents
- Locating hidden copies of the data
- Proper restoration of backup copies
- Court-admissible evidence
3. Documentation and follow-up
A final report summarizes key findings and recommendations on how to effectively protect the business in the future.
- Multi-page report that includes a chronicle of events, possible causes and recommendations for action.
- Prerequisite for complying with reporting requirements and insurance requirements.