
User:CyberKravMaga/Incident management

From Wikipedia, the free encyclopedia

Article Draft


Computer security incident management


Computer Security Incident Management (also called cybersecurity incident management) covers all phases of a cybersecurity program concerned with preparing for, responding to, recovering from, reporting on, and implementing changes resulting from cybersecurity incidents. It may pertain to a single incident, to multiple related incidents, or to planning and preparation undertaken in anticipation of potential security threats.[1] Its primary purpose is to develop a well-understood, predictable, and robust response to damaging events and computer intrusions that will withstand subsequent legal and regulatory scrutiny and prevent recurrence.[2]

Today the Computer Security Incident Response Team (CSIRT) plays a central role because of the rise of internet crime, which is now a common source of incidents for companies in developed nations across the world. For example, if an organization discovers that an intruder has gained unauthorized access to a computer system, the CSIRT analyzes the situation, determines the scope of the compromise, and takes corrective action.

The CSIRT follows the plan set out in the Cyber Security Incident Response Plan (CSIRP) and in the other incident policies, procedures, and playbooks defined for particular threat types or impacted entities. The CSIRP is the high-level governance document that establishes the overall incident severities, plans, strategies, scope, coverage, and provisions of the cybersecurity incident response strategy.[3] Cybersecurity incident management is typically performed according to a framework developed by a government institution or a private entity.[2][4][5]

According to 2009 data, over half of the world's hacking attempts against transnational corporations (TNCs) took place in North America (57%), and 23% took place in Europe.[6] A well-rounded Computer Security Incident Response Team is integral to providing a secure environment for any organization and is becoming a critical part of the overall design of many modern networking teams.

References


  1. Clark, Colby (2024-01-05). Cybersecurity Incident Management Masters Guide: Volume 1 - Preparation, Threat Response, & Post-Incident Activity (2nd ed.). United States: KDP. ISBN 979-8874027414.
  2. "ISO - International Organization for Standardization". ISO. Retrieved 2024-01-30.
  3. Clark, Colby (2024-01-14). Cybersecurity Incident Management Masters Guide: Volume 2 - Program Assessment & Development (2nd ed.). United States: KDP. pp. 574–575. ISBN 979-8876273383.
  4. Cichonski, Paul; Millar, Thomas; Grance, Tim; Scarfone, Karen (2012-08-06). Computer Security Incident Handling Guide (Report). National Institute of Standards and Technology.
  5. "IMF 13 Domains". CyberSecurity Masters Guides. Retrieved 2024-01-30.
  6. "Hacking Incidents 2009 – Interesting Data". Roger's Security Blog, TechNet Blogs. 12 March 2010. Archived from the original on 24 September 2012. Retrieved 2012-11-17.
