Incident Response

Incident response is the planned reaction to negative situations or events. Inevitably, security breaches, or at least attempts to breach security, are going to occur. When those events affect the organization or its ability to perform its tasks in any way, incident response is triggered. The goals of incident response are to minimize downtime, minimize loss, and restore the network environment to a secured, normal state as quickly as possible.

Most incident response solutions include six primary steps or phases (see FIGURE 14-4):


FIGURE 14-4 The phases of incident response.

  1. Preparation—Select and train security ...
