Category Archives: incident handling

Security Incidents: Incident Handling vs Incident Response

Security incidents continuously make the morning headlines and cause enormous damage and reputational harm to organizations worldwide. It is inevitable that stronger and costlier incidents will happen. To be prepared, companies rely on their computer security incident handling and response teams. But what do the terms Incident Handling and Incident Response actually mean? Find out below.

What Is A Security Incident?

According to the Computer Security Incident Handling Guide by NIST, only events with a negative consequence are considered security incidents. Such events include system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and execution of destructive malware. Malicious insiders, availability issues, and loss of intellectual property all fall under the scope of incident handling and incident response as well.

Incident Handling VS Incident Response

  • Incident Response is defined as the sum of the technical activities performed to detect, analyze, defend against, and respond to an incident.
  • Incident Handling is defined as the sum of the processes and predefined procedural actions used to effectively and actionably handle and manage an incident.

Oftentimes, Incident Handling and Incident Response are used synonymously. NIST's Computer Security Incident Handling Guide treats them the same way, and probably for the best.

Choosing to differentiate the two functions can result in incident miscommunication and mishandling, due to a lack of technical knowledge on the incident handlers' side.

Preferably, the two functions should be indistinguishable within an organization and staffed with trained, or at least knowledgeable, IT professionals. Not only that, but the transition from handling to response, and incident communication in general, should be an extremely fine-tuned and smooth process. This means that the incident handling and incident response functions should work in such a cooperative, communicative, and actionable manner that they look like one function.

Aspiring to become the IR professional companies wish they had? Read more about how the IHRP training course can help advance your blue teaming career here.

Learn hands-on and up-to-date incident handling and response skills with the IHRP course.

The 4 Steps Of Incident Handling & Response

An estimated 3.6 billion records were breached in the first 9 months of 2018 alone. While these numbers show some improvement, cyber incidents will inevitably continue to happen. For that, security professionals need to know the Incident Handling and Response processes.

According to NIST’s Computer Security Incident Handling Guide, the Incident Response (IR) life cycle is made of 4 phases, as shown below.

1. Preparation

In this initial phase, organizations plan to handle incidents and attempt to limit the number of potential incidents by selecting and implementing a set of controls based on the results of risk assessments. This step involves outlining everyone’s responsibility, hardware, tools, documentation, etc. and taking steps to reduce the possibility of an incident happening.

2. Detection & Analysis

In this phase, the IR team analyzes all the symptoms reported and confirms whether or not the situation should be classified as an incident.

3. Containment, Eradication, and Recovery

In this phase, the IR team gathers intelligence and creates signatures that will help it identify each compromised system. With this information, the organization can mitigate the impact of the incident by containing it, and countermeasures can be put in place to neutralize the attacker and restore systems and data back to normal.

4. Post-incident Activities

This is more of a "lessons learned" phase. Its goal is to improve the overall security posture of the organization and to ensure that similar incidents won't happen in the future.

When incidents happen, we tend to panic and wonder "what now?". It is important to remain calm and follow best practices and company procedures. For this reason, NIST has published its Computer Security Incident Handling Guide to lead you through the preparation, detection, handling, and recovery steps of Incident Handling & Response.

Interested in learning how to professionally analyze, handle, and respond to security incidents on heterogeneous networks and assets? Check out our new Incident Handling & Response Professional – IHRP – training course.

Introducing Incident Handling & Response Professional (IHRP)

We are introducing the Incident Handling & Response Professional (IHRP) training course on December 11, 2018. Find out more and register for an exciting preview webinar.

No matter the strength of your company's defense strategy, it is inevitable that security incidents will happen. Poor and/or delayed incident response has caused enormous damage and reputational harm to Yahoo, Uber, and most recently Facebook, to name a few. For this reason, Incident Response (IR) has become a crucial component of any IT security department, and knowing how to respond to such events is becoming a more and more important skill.

Aspiring to switch to a career in Incident Response? Here’s how our new Incident Handling & Response Professional (IHRP) training course can help you learn the necessary skills and techniques for a successful career in this field.

Incident Handling & Response Professional (IHRP)

The Incident Handling & Response Professional course (IHRP) is an online, self-paced training course that provides all the advanced knowledge and skills necessary to:

  • Professionally analyze, handle and respond to security incidents, on heterogeneous networks and assets
  • Understand the mechanics of modern cyber attacks and how to detect them
  • Effectively use and fine-tune open source IDS, log management and SIEM solutions
  • Detect and even (proactively) hunt for intrusions by analyzing traffic, flows and endpoints, as well as utilizing analytics and tactical threat intelligence

This training is the cornerstone of our blue teaming course catalog or, as we called it internally, “The PTP of Blue Team”.

Discover This Course & Get An Exclusive Offer

Take part in an exciting live demonstration and discover the complete syllabus of our latest course, Incident Handling & Response Professional (IHRP), on December 11. During this event, all the attendees will get their hands on an exclusive launch offer. Stay tuned! 😉

Be the first to know all about this modern blue teaming training course, join us on December 11.