10.4 Incident handling procedures
The flowcharts in Figures 10.1-10.3 show the basic steps you should take to build your incident handling response system.
[Figure 10.1: Incident reported -> Initial response -> Incident analyzed for severity -> Process for Severity 1, Severity 2, Severity 3, Severity 4, or Severity 5.]
[Figure 10.2: Based on severity level, contact team members (Technical, Legal, Management, Corp Comm, Security Officer); options include shutting down the site or failing over to the hot site. Based on the response from team members: make initial fix; make recommendation for a long-term fix if needed; shut down a part of the site; or, if the attack is a one-time event, do nothing.]
[Figure 10.3: Team agrees on fix -> Technical: fix implemented; Legal: reviews incident; Management: approves changes; Corp Comm: sends out updates to community; Security Officer: reviews changes -> Security policies updated as needed.]
- We start out with an incident. The incident is detected or reported into the system.
- A focal point contact will review the incident and decide on the severity of the incident (and may consult with other members on the needed course of action).
- A severity will be assigned. The level of response will reflect the severity of the incident.
- The required team members will be contacted and the needed action will be implemented.
- An initial fix may be required. If so, the fix will be attempted. If not, a permanent solution will be developed and implemented.
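An added example, not from the book, of enforcing this procedure in code: a small Python incident record that only allows the steps in the order the flowcharts give them and refuses to close until the reviews from Figure 10.3 are recorded. The severity-to-contacts mapping and the role strings are my assumptions; the chapter names the roles but does not say which levels require which.

```python
from dataclasses import dataclass, field

# Assumed mapping from severity level (1 = most severe) to the roles that must
# be contacted: the roles come from Figure 10.2, the mapping itself is mine.
CONTACTS_BY_SEVERITY = {
    1: {"Technical", "Legal", "Management", "Corp Comm", "Security Officer"},
    2: {"Technical", "Legal", "Management", "Security Officer"},
    3: {"Technical", "Management", "Security Officer"},
    4: {"Technical", "Security Officer"},
    5: {"Technical"},
}
# Reviews every agreed fix needs before the incident can close (Figure 10.3).
REQUIRED_SIGNOFFS = {"Technical", "Legal", "Management", "Security Officer"}
@dataclass
class Incident:
    description: str
    state: str = "reported"          # reported -> triaged -> contacted -> fix agreed -> closed
    severity: int = 0
    contacted: set = field(default_factory=set)
    signoffs: set = field(default_factory=set)
    needs_long_term_fix: bool = False

    def _require(self, *states):     # refuse steps taken out of order
        if self.state not in states:
            raise RuntimeError(f"step not allowed while incident is '{self.state}'")
    def triage(self, severity):      # focal point contact assigns the severity
        self._require("reported")
        if severity not in CONTACTS_BY_SEVERITY:
            raise ValueError("severity must be 1..5")
        self.severity, self.state = severity, "triaged"
    def contact(self, role):         # reach the team members this level needs
        self._require("triaged", "contacted")
        self.contacted.add(role)
        if CONTACTS_BY_SEVERITY[self.severity] <= self.contacted:
            self.state = "contacted"
    def agree_fix(self, initial_fix_worked):   # team agrees on the fix
        self._require("contacted")
        self.needs_long_term_fix = not initial_fix_worked
        self.state = "fix agreed"
    def sign_off(self, role):        # Technical, Legal, Management, Security Officer review
        self._require("fix agreed")
        self.signoffs.add(role)
    def close(self):                 # only once every required review is in
        self._require("fix agreed")
        missing = REQUIRED_SIGNOFFS - self.signoffs
        if missing:
            raise RuntimeError(f"cannot close, missing sign-off from {sorted(missing)}")
        self.state = "closed"
        return self.needs_long_term_fix   # True: open the long-term fix next
```

Skipping a step (closing before the team is contacted, or before Legal has reviewed) raises, which is the property a tracking tool built on this flowchart should guarantee.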