Monday, 14 August 2017

Incident Response Plan


It should be noted: if an Incident Response plan is not already in place, do not attempt to create one during an infection. Rather, remove the infected server from the network. Create a plan to systematically return the infected server to its pre-infected production condition before beginning the recovery process. Incident response is not a responsibility that a single person can handle. Recovering a compromised server in a haphazard fashion can create more system issues and do more damage than the initial compromise.
 
...
...Incident Response Plans should not be created during a security incident nor should one person be assigned to develop an Incident Response Plan. Incident response should be the responsibility of different members from different groups in an organization...
...
 
...During an incident, panic will often set in. Do not let this happen...

----
Source: SANS Institute InfoSec Reading Room, "Malware Analysis: An Introduction"