Incident Response – Recovery and Maintenance: A Summary
The prompt identification of susceptibilities within computer networks and the related countermeasures to alleviate any damage or risk are critical for organizations in any industry. Whitman et al. discuss approaches regarding effective incidence response, including contingency planning for marketing leading content, preventing data losses after security breaches, and the appropriate techniques that can minimize emergency-related downtimes (313). Chapter eight, titled “Incident Response: Recovery and Maintenance,” provides a crucial insight into practical approaches to averting network intrusion.
The recovery and maintenance of networks involve associated processes such as the preservation of technical data, forensics and anti-forensics, and eDiscovery mechanisms, which collectively help in retrieving compromised systems and preventing future attacks. Whitman et al. highlight that the recovery phase is part of the broader incident response process which begins with figuring out the source of the security breach or cyber-attack, how the affected systems were compromised, and why there are no incidental protection mechanisms in place to prevent such incidents (315). Baskerville et al. posit that applying Deming’s cycle (i.e., plan, do, check, and act) can ensure adequate recovery and maintenance process while lowering the susceptibility of systems to future attacks (139). Planning for recovery is best based on the expert understanding of the security incident at the moment, while doing involves trying the recovery plan on several devices at a time. On the other hand, checking entails assessing the effectiveness of the plan, followed by acting, which is implemented only if the solution works, thus expanding its application to entire networks and devices. The approach is crucial for developing future security solutions that can fend off similar or multifaceted attacks.
Overall, the recovery and maintenance process should be practical and strategic to reduce system susceptibilities. Accordingly, the approaches employed should focus more on reducing or eliminating the source/vulnerability as opposed to containing the attack. The source of the attack(s), the extent of breach or damage of systems, and the reasons the organization lacks modalities to prevent such incidents should also be assessed using Deming’s cycle. By employing this approach, future system vulnerabilities can be reduced significantly.
Are the outlined processes and procedures practical and applicable to all types of multifaceted organizational systems in a highly dynamic cybersecurity world?
Baskerville, Richard, et al. “Incident-Centered Information Security: Managing A Strategic Balance Between Prevention and Response.” Information & Management, vol. 51, no.1, 2014, pp. 138-151.
Whitman, Michael E., et al. Principles of Incident Response and Disaster Recovery. 2nd ed., Cengage Learning, 2013.