SANS Institute – Incident Handler's Handbook by Patrick Kral

One of the greatest challenges facing today's IT professionals is planning and preparing for the unexpected, especially in response to a security incident.

An incident is described as any violation of policy or law, or any unacceptable act, that involves information assets such as computers, networks, or smartphones (Bejtlich, 2005). The scope of this document is limited to the six phases of the incident handling process ("Incident Handling step-by-step," 2011) and to providing the basic information necessary to understand what each step entails. Its overall purpose is to provide a foundation from which IT professionals and managers can create their own incident response policies, standards, and teams within their organizations.

This document will also include an incident handler's checklist (template) that one can use to ensure that each of the incident response steps is being followed during an incident.

A compromise or violation of an organization's security is a matter of when, not if. Preparing the Computer Incident Response Team (CIRT) through planning, communication, and practice of the incident response process provides the experience the team will need when an incident does occur within your organization. The phases, from preparation through lessons learned, should be followed in sequence, as each one builds upon the one before it. The following phases provide a basic foundation for performing incident response and for creating your own incident response plan.
