Incident response: A structured model from detection to containment and recovery
1 Department of Computing, East Tennessee State University, United States.
2 Department of Electrical Engineering and Computer Science, Ohio University, Ohio, United States.
3 Department of Computer Science, South Dakota State University, Brookings, United States.
4 Department of Nursing, George Washington University, Washington DC, United States.
Research Article
World Journal of Advanced Research and Reviews, 2024, 24(01), 1401–1407
Article DOI: 10.30574/wjarr.2024.24.1.3148
Publication history:
Received on 04 September 2024; revised on 13 October 2024; accepted on 15 October 2024
Abstract:
As cyber-attacks grow in sophistication, organizations are under constant threat. This necessitates a cohesive approach to prioritizing incident response (IR) capabilities and mitigating potential damage. This research paper explores the integration of Information Security Management (ISM) and Incident Response (IR) functions, underlining the need for a unified strategy grounded in organizational learning theory. The study comprehensively analyzes the Incident Response Lifecycle, outlining its critical phases: preparation, detection and analysis, containment, eradication, recovery, and post-incident activities. It also investigates the crucial role and structure of Incident Response Teams (IRTs), advocating tailored team formations that adapt to the dynamic nature of cyber incidents. By fostering collaboration between ISM and IR functions and attending to both technical and socio-technical factors, organizations can enhance their resilience against cyber threats and improve their overall security posture.
Keywords:
Incident response; Detection and response; Security; Frameworks
Copyright information:
Copyright © 2024 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution License 4.0.