Section 7

Incident Response Policies and Procedures

The Security Incident Response Team should always follow a structured, documented process in which the content of the items under investigation is preserved, validated, and documented. The dimensions, scope, and investigative methods of any investigation must be understood at the outset, and those methods are best based on proven techniques, such as proper and legal collection of evidence and obtaining proper bit-stream “hash encrypted” copies of evidence. The linear nature of an investigation always needs documentation and supporting evidence, because technology can give unexpected results. So always document everything and report everything.

Keywords

IR policies

There are two areas in which the Security ...
