Incident Response: Detection & Decision Making
Whitman, Mattord, and Green (2013) defined an incident as an adverse event that becomes a threat to normal operations. They classified an incident by evaluating the situations causing an event, establishing incident candidatures, and establishing if an adverse event is a real incident. The responsibility of an incident response team is to design the process for making judgments and classifying the incident. Whitman, Mattord, and Green (2013) stated the sources for detecting and tracking incident candidature, which include system administrators, end-user reports, virus management software, and IDPSs (intrusion detection and prevention systems).
Adequate incident reporting training allows the transmission of vital information to the incident reporting team. Incidents fall into several categories: denial of service, inappropriate usage, malicious code, and unauthorized access. An event detected within the organization might indicate the existence of an incident, or might be a regular operation that resembles one. An indication is an adverse event in progress that is likely to become an incident, while a precursor is an activity presently happening that could signal an incident expected to occur in the future. A precursor can occur before another episode, or could influence or lead to its development.
Peng et al. (2011) indicated that the incident response process has different stages, including creating an incident response team and attaining appropriate resources. At the preparation stage, the organization tries to minimize the magnitude of the incident that will happen through the selection and implementation of controls established from risk assessments. When a residual risk persists after the implementation of controls, security breach detection is installed to alert the management in case of an incident (Peng et al., 2011). Mitigation is necessary to reduce the impact of the event by controlling and recovering from it. After containing the incident, the management provides a report with the details of costs and cause, plus recommendations to prevent a future occurrence.
What is the current innovation for detecting incident candidature in an organization?