Organizations should be prepared to detect and respond to incidents before they occur. This preparation should be embodied in an incident response policy. For example, the Carnegie Mellon University CERT Coordination Center (CERT/CC) recommends the following incident response practices. Prepare: establish policies and procedures for responding to intrusions, and prepare to respond to intrusions.
Handle: analyze all available information to characterize an intrusion; communicate with all parties that need to be made aware of the intrusion and its progress; collect and protect information associated with the intrusion; apply short-term solutions to contain the intrusion; eliminate all means of intruder access; and return systems to normal operation. Follow up: identify and implement the security lessons learned. Earlier guidance on incident handling is provided by the Internet Engineering Task Force (IETF) in RFC 2196, the Site Security Handbook.
RFC 2196 organizes incident handling around the following questions. Preparing and planning (what are the goals and objectives in handling an incident?). Notification (who should be contacted in the case of an incident?), covering local managers and personnel, law enforcement and investigative agencies, computer security incident handling teams, affected and involved sites, internal communications, and public relations and press releases. Identifying an incident (is it an incident and, if so, how serious is it?).
Handling (what should be done when an incident occurs?), which itself covers notification (who should be notified about the incident?); protecting evidence and activity logs (what records should be kept from before, during, and after the incident?); containment (how can the damage be limited?); eradication (how can the cause of the incident be eliminated?); recovery (how are service and systems reestablished?); and follow-up (what actions should be taken after the incident?). Finally, the aftermath (what are the implications of past incidents?).
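The "collect and protect information" and "protecting evidence and activity logs" steps above are the point at which a responder needs a concrete technique rather than a checklist. The following is an added example, not code from the page, from CERT/CC, or from RFC 2196: it seals collected artifacts into a hashed manifest at collection time and re-verifies them later, so that any modification or loss after seizure is detectable. The artifact paths, log lines, case identifier, and collector name are all constructed for the example.

```python
"""Collect-and-protect step of incident handling: hash each seized artifact
into a manifest at collection time, then re-verify before analysis or
handover. Added example; not code from the page, CERT/CC, or RFC 2196."""
import copy
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large log or disk images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def manifest_digest(manifest):
    """Digest over the canonical JSON form of every field except the stored digest itself."""
    body = {k: v for k, v in manifest.items() if k != "manifest_sha256"}
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()


def build_manifest(paths, collector, case_id):
    """Record who collected what, when, and the hash of each artifact at that moment."""
    entries = []
    for p in paths:
        entries.append({
            "path": os.path.abspath(p),
            "size": os.stat(p).st_size,
            "sha256": sha256_file(p),
            "collected_at": datetime.now(timezone.utc).isoformat(),
        })
    manifest = {"case_id": case_id, "collector": collector, "entries": entries}
    manifest["manifest_sha256"] = manifest_digest(manifest)
    return manifest


def manifest_intact(manifest):
    """True if the manifest's own fields have not been edited since it was sealed."""
    return manifest.get("manifest_sha256") == manifest_digest(manifest)


def verify_artifacts(manifest):
    """Return one (path, status) pair per entry: 'ok', 'modified', or 'missing'."""
    results = []
    for e in manifest["entries"]:
        p = e["path"]
        if not os.path.exists(p):
            results.append((p, "missing"))
        elif sha256_file(p) != e["sha256"]:
            results.append((p, "modified"))
        else:
            results.append((p, "ok"))
    return results


def demo():
    """Constructed scenario: two fake logs are collected, then one is altered and one deleted."""
    tmp = tempfile.mkdtemp()
    auth = os.path.join(tmp, "auth.log")
    web = os.path.join(tmp, "access.log")
    with open(auth, "w") as f:  # constructed sample line, not a real log
        f.write("Mar 12 03:14:07 host sshd[2211]: Failed password for root from 203.0.113.5 port 51022 ssh2\n")
    with open(web, "w") as f:  # constructed sample line, not a real log
        f.write('203.0.113.5 - - [12/Mar/2024:03:15:01 +0000] "GET /admin HTTP/1.1" 403 212\n')

    manifest = build_manifest([auth, web], collector="analyst1", case_id="IR-0001")
    before = [s for _, s in verify_artifacts(manifest)]

    with open(auth, "a") as f:  # post-collection tampering with the log
        f.write("tampered\n")
    os.remove(web)              # post-collection loss of an artifact
    after = [s for _, s in verify_artifacts(manifest)]

    edited = copy.deepcopy(manifest)
    edited["collector"] = "someone-else"  # attempt to rewrite the chain of custody
    return {
        "before": before,
        "after": after,
        "manifest_intact": manifest_intact(manifest),
        "edited_manifest_intact": manifest_intact(edited),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Hashing alone proves integrity, not authenticity: an intruder who still has access to the collecting host can regenerate the manifest. In practice the sealed manifest is copied to write-once media or signed with a key held off the affected system before containment begins, which is why this step sits before containment and eradication in the sequence above.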
Administrative response to incidents. Responding to incidents efficiently and effectively is extremely important. The following critical issues are involved: protecting the assets that could be compromised, and protecting resources that could be used more productively if an incident did not require their services.
Other critical issues are complying with (government or other) regulations; preventing the use of your systems in attacks against other systems (which could expose you to legal liability); and minimizing the potential for negative exposure.