Incident Response

View our 2018 and 2019 listing of information security (infosec) / cyber security training courses, events and conferences from around the world that are associated with (Information Security) Incident Response.

Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident, or security incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

Dealing with cyber security incidents – particularly sophisticated cyber security attacks – can be a very difficult task, even for the most advanced organisations. You should therefore develop an appropriate cyber security incident response capability, which will enable you to adopt a systematic, structured approach to cyber security incident response, including the selection and management of external suppliers.

Organisations are seldom adequately prepared for a serious cyber security incident. They often suffer from a lack of budget, resources, technology or recognition of the type and magnitude of the problem. In addition, they do not have the software, testing, process, technology or people to handle sophisticated cyber security threats, such as Advanced Persistent Threats (APTs).

However, organizations can respond to cyber security incidents in a faster, more effective manner. To achieve this, they will need to:

  • Understand a number of key concepts (e.g. a definition of cyber security incident response; types of cyber security attack; the main challenges and ways in which they can respond)
  • Determine the state of readiness for responding to a cyber security incident – and build an appropriate cyber security incident response capability (tailored to suit the organisation)
  • Participate in government-sponsored and other initiatives related to cyber security incidents or incident response
  • Adopt a systematic, structured approach to cyber security incident management, considering the key actions that might need to be taken when preparing for, responding to and following up a cyber security incident – addressing requirements for people, process and technology
  • Select an appropriate supplier(s) of cyber security incident response expertise who can most effectively meet your requirements – but at the right price – considering an agreed set of selection criteria
  • Keep an eye on future developments in the evolution of, and response to, cyber security incidents – particularly sophisticated cyber security attacks – and plan an appropriate way forward.