7. A security incident is the act of violating an explicit or implied security
policy according to NIST Special Publication 800-61. Of course, this
definition relies on the existence of a security policy that, while
generally understood, varies among organizations.
Security incidents include but are not limited to:
• attempts (either failed or successful) to gain unauthorized access to a
system or its data
• unwanted disruption or denial of service
• the unauthorized use of a system for the processing or storage of data
• changes to system hardware, firmware, or software characteristics
without the owner's knowledge, instruction, or consent
9. A security incident involves the unauthorized or unexpected access or use of an organization's IT systems.
10. Breach Examples
• Compromised user account
• Malware on a computer
• Ransomware on a file system
• Forwarding email or files outside of the organization
• Unauthorized access to a database
• Manipulating / defacing a website
11. Security Environment
• Data breach can almost be assumed
• Higher expectation of privacy & security from stakeholders
• Increasing compliance requirements
  • GDPR
  • HIPAA
  • PCI
20. Why the need for an Incident Response Policy?
Provides for a systematic response, so that the appropriate actions are taken.
Moves away from knee-jerk reactions to deliberate response.
24. Incident Response
• Response
  • Notify the client
  • Stop the infection
  • Remediate the infection
  • Understand infection vector
  • Exhaustively investigate related systems and accounts