Incident reaction consists of actions outlined in the IR plan that guide the organization in attempting to stop the incident, mitigate the impact of the incident, and provide information for recovery from the incident. In reacting to the incident, some actions must occur quickly, including notification of key personnel and documentation of the incident.

Most organizations maintain alert rosters for emergencies. An alert roster contains contact information for the individuals who should be notified in an incident. There are two types of alert rosters: sequential and hierarchical. A sequential roster is activated as a contact person calls each person on the roster. A hierarchical roster is activated as the first person calls a few other people on the roster, who, in turn, call a few other people, and so on. The incident is documented to ensure that the event is recorded for the organization’s records, so that it is known what happened, how it happened, and what actions were taken.

A critical component of incident reaction is to stop the incident or contain its scope or impact. Before an incident can be contained, the affected areas of the information and information systems must be determined. In general, incident containment strategies focus on two tasks: stopping the incident and recovering control of the systems. The organization can stop the incident and attempt to recover control through different strategies. If the incident originates outside the organization, the simplest and most straightforward approach is to cut the affected circuits. Compromised accounts or servers should be disabled. Only as a last resort should there be a full stop of all computers and network devices in the organization. The bottom line is that containment consists of isolating the affected channels, processes, services, or computers and stopping the losses from that source of the incident.
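The two alert roster types described above can be compared as call schedules. The following Python sketch is an added example, not part of the original text; it assumes each person places one call per time slot, a fan-out of three for the hierarchical roster, and constructed contact names.

```python
from collections import Counter, deque

# Constructed roster: the first entry is the contact person who starts the alert.
ROSTER = ["ir-lead"] + [f"member-{i:02d}" for i in range(1, 13)]

def sequential_schedule(roster):
    """Sequential roster: the contact person calls everyone, one call per slot."""
    caller = roster[0]
    return [(slot, caller, callee) for slot, callee in enumerate(roster[1:], 1)]

def hierarchical_schedule(roster, fan_out=3):
    """Hierarchical roster: each notified person calls up to `fan_out` others.

    Assumption: a person places one call per slot, starting in the slot after
    the one in which they were notified. Returns (slot, caller, callee) tuples.
    """
    if fan_out < 1:
        raise ValueError("fan_out must be at least 1")
    schedule = []
    pending = deque(roster[1:])          # people not yet assigned a caller
    callers = deque([(roster[0], 0)])    # (person, slot in which they were told)
    while pending:
        caller, told_at = callers.popleft()
        for offset in range(1, fan_out + 1):
            if not pending:
                break
            callee = pending.popleft()
            schedule.append((told_at + offset, caller, callee))
            callers.append((callee, told_at + offset))
    return schedule

def summarize(schedule):
    """Return (slots until everyone is notified, most calls placed by one person)."""
    if not schedule:
        return (0, 0)
    per_caller = Counter(caller for _, caller, _ in schedule)
    return (max(slot for slot, _, _ in schedule), max(per_caller.values()))

if __name__ == "__main__":
    for name, sched in (("sequential", sequential_schedule(ROSTER)),
                        ("hierarchical", hierarchical_schedule(ROSTER))):
        slots, busiest = summarize(sched)
        print(f"{name}: {len(sched)} calls, {slots} slots, busiest caller {busiest}")
```

With this 13-person roster both types place 12 calls, but under these assumptions the hierarchical roster notifies everyone in 6 slots with no one placing more than 3 calls, while the sequential roster takes 12 slots and puts all 12 calls on one person.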