What Is Incident Response?
This book covers a broad range of considerations associated with responding to security-related incidents in computing systems and networks. Before we can define “incident response,” however, it is necessary to first define what “incidents” are.
Definition of Incidents
By incidents, we mean adverse events that threaten security in computing systems and networks. An event is any observable thing that happens in a computer and/or network; examples include connecting to another system via a network, accessing files, system shutdowns, and so on. Adverse events include system crashes, packet flooding within a network, unauthorized use of another user’s account, unauthorized use of system privileges, defacement of one ...