Businesses are using the latest protection for their infrastructure but are still facing threats. Once a breach has been discovered, there are many steps to follow in order to keep operations running; this process is called incident response.
Incident response is the set of actions and rules to follow in the face of any event that threatens the security of an infrastructure. These protocols have to be applied as soon as the compromise has been detected. Organizations should create written guidelines for prioritizing incidents. The major incident types can be network and application intrusion, intellectual property theft investigation, copyright infringement, employee misconduct, insider threat and malware outbreak. To help the security team in a moment of crisis, the National Institute of Standards and Technology (NIST) has released NIST Special Publication 800-61. This document presents effective guidelines to pay attention to while dealing with a breach. It supports the creation of a computer security incident response team as well as defining the duties of its different members. Incident response employees must be familiar with incident response tools; my favourite is EnCase.
According to the SANS Institute, an incident must be addressed using the following life cycle: preparation, detection, containment, remediation and post-incident activity. The full documentation is here.