By Milica D. Djekic
Incident response (IR) is one of the key challenges of modern cyber defense. In practice, it comprises three crucially important steps: (1) preparation, (2) response and (3) remediation. Some of these details can be found in web resources, but we do not rely only on findings from the literature. We intend to go further and present some original contributions of our own that underline the importance of a good IR strategy. The purpose of this article is to provide a helpful review of possible IR strategies and to recommend how to deal with their challenges.
Many people talk about IR, but what is it really? Imagine you are somewhere in cyberspace and something harmful has occurred there. The first thing you should think about is how to resolve the situation. It is strongly recommended to get familiar with some scenarios from practice, because that gives you the opportunity to deal with the incident more effectively. So the keyword here is good preparation. In other words, you need to have the people, technology and processes ready to react when a malicious event takes place within your IT asset.
You should know that some incidents require mobilizing the majority of your resources to resolve a given cyber situation. It is quite clear that relying on improvisation when an incident happens is neither smart nor effective, because it can take a lot of time and cost your employer greatly. So prepare in advance to react to a given IT security situation, and your effort will be less time-consuming and more cost-effective.
For instance, it is strongly encouraged to prepare procedures and steps that can be followed when responding to a cyber incident, so that your business suffers less discontinuity.
The next step in a good IR strategy is the response itself. It is well known that response requires very skillful staff on the spot who are capable of handling quite tricky situations.
Those skills and that expertise come with experience as well as with good education, training and expert events.
So it is important to invest constantly and continuously in your human resources and make them better and better at responding to such events. We would also like to mention that there is a big cyber skills shortage on the market, and some experts estimate that we will need between 10 and 20 years to overcome that gap. The response to an incident is very commonly closely correlated with digital forensics, which requires the experts to look into the background of the cyber situation and investigate deeply what really occurred and why it happened. Sometimes collecting the evidence and findings is a good way to respond to the situation.
In addition, if the attacked computers and their networks are connected to the malware generator, it is necessary to disconnect your resources from the web.
As we suggested at the beginning, the final step in a good IR strategy is remediation. In other words, after collecting all the necessary clues and information for digital forensics purposes, or simply disconnecting your asset from the web to avoid further complications, the time comes to remediate your computers and networks. This step of the IR strategy calls for highly skillful incident responders who are able to deal with all three phases of the IR strategy.
Sometimes it is possible to repair the flaws using specialized tools, but often it is necessary to re-install the entire system, which affects your business continuity and demands that the majority of your confidential information has been backed up beforehand.
Backing up is a crucially significant step in protecting your asset from attacks, because only if your information has been carefully backed up will you be in a position to largely recover your system.
In the end, formulating a good IR strategy can be a challenge, but if you invest more time, money and resources in carefully planning how to resolve some of these scenarios, you will definitely win over the threat and be ready to handle any situation.
About The Author
Since Milica Djekic graduated from the Department of Control Engineering at the University of Belgrade, Serbia, she has been an engineer with a passion for cryptography, cybersecurity, and wireless systems. Milica is a researcher from Subotica, Serbia. She also serves as a Reviewer at the Journal of Computer Sciences and Applications and.
She writes for American and Asia-Pacific security magazines. She is a volunteer with the American corner of Subotica as well as a lecturer with the local engineering society.