Response

Incident Management Process

Prepare

• Incident Response Policy (WHO-WHAT-WHERE)
• Response and Report Procedure (INTERNAL & EXTERNAL)
• Policy for communication with external parties (PLAYBOOKS)
• Define Service provided by Incident Response Team (IRT)
• Incident Priorization
• Notification Mechanisms

Analyze

Rank: Magnitude, Severity and Urgency

Immediate attention required or not

Containment

How to deal with various types of incidents once they occur.

Must be done ahead of time.

Recovery

Try to keep the system running during this as normal as possible.

Possible actions include:

• Restoring clean versions from backups
• Installing patches