Incident Response Data Handling
A security incident could be one of a wide range of different scenarios, such as:
- A computer or network infected with viruses, worms, or Trojans
- A data breach or data exfiltration
- An attempt to break into a computer system or network through phishing or an evil twin Wi-Fi access point
- An attempt to damage a network through a denial of service (DoS) attack
- Users with unlicensed software installed on their PC
- Finding prohibited material on a PC
An incident response plan (IRP) sets out procedures and guidelines for dealing with security incidents.
- Larger organizations will provide a dedicated Computer Security Incident Response Team (CSIRT)
- Single point-of-contact for security incidents