CHAPTER 22

Incident Handling

Incident handling is the first step in an actual recovery process. The activity is undertaken by the organization to manage the consequences of a breach to minimize both tangible and intangible damage. Examples of breaches include intrusion, cybertheft, and denial-of-service and virus attacks. Incident handling is part of information assurance, but it is a reactive control. Some organizations define incident handling as “information security incident handling” or “security incident handling.” In all contexts, the functions remain the same regardless of the name.

Incident handling is included sometimes as part of an organization’s business continuity plan because it provides the approach to respond quickly and efficiently ...

Get Information Assurance Handbook: Effective Computer Security and Risk Management Strategies now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.