
The Six Stages of Incident Response

Anthony Caruana | July 7, 2016
Ashley Deuble takes us through a six-stage model for dealing with incidents.

Ashley Deuble speaking at AusCERT2016

As the Manager for IT Security and Identity Services at Griffith University, Ashley Deuble has to manage a complex environment with a massive number of internal and external users. Securing such a wide gamut of customers, often with very specific needs, is very challenging, particularly when it comes to securing the environment so that everyone has appropriate and reliable access.

"My big focus is around ensuring that appropriate security and risk evaluation is baked into everything that we do. As we are a university we tend to deal with a lot of different types of data ranging from public information through to cutting edge research information and even health and patient medical records. It's definitely a juggling act to securely make most of our information as open and accessible as possible, whilst still protecting other key assets," he says.

Like most organisations, Griffith faces pressure to look beyond traditional, on-premise systems and move operations to the cloud. However, that is not without its own challenges.

"One of my key areas of focus is in the governance of security and identity as we push the boundaries of the traditional University network model out to these services," says Deuble.

A major part of that focus is around incident response. Over several years, through working with many companies and observing the actions of many more, Deuble saw that all had an idea of what incident response was, but when the time came they were unable to execute it in a smooth or reliable manner.

"Incident response is one of those things that should be practised regularly, like fire safety training or disaster recovery testing, so that when something bad happens, your actions are almost second nature, ensuring a favourable outcome," he says.

Through that experience and observation, Deuble has developed a six-stage model for dealing with incidents.

Deuble says the six stages of incident response that we should be familiar with are preparation, identification, containment, eradication, recovery and lessons learned. At each of these stages there are a few big-ticket items that we want to make sure we get right.

1 - Preparation

The preparation phase is about ensuring you have the appropriate response plans, policies, call trees and other documents in place, and that you have identified the members of your incident response team, including external entities.

2 - Identification

In the identification phase you need to work out whether you are dealing with an event or an incident. This is where understanding your environment is critical, as it means looking for significant deviations from "normal" traffic baselines, or using other methods of detection.
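The baseline comparison described above is one of the simplest ways to turn "understanding your environment" into something a responder can run. The following Python is an added example written for this article; it is not Deuble's or Griffith University's code. It assumes a constructed log format of one record per host per hour ("timestamp host bytes_out"), a learning window that is treated as normal, and a threshold of three standard deviations above the per-host mean. Anything it reports is an event to be triaged, not yet an incident; deciding that is the analyst's job.

```python
"""Baseline-deviation check for the identification phase (illustrative)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed sample data (not from the article). Each line is
# "timestamp host bytes_out". The first block is the learning window
# that defines "normal"; the second is the window being examined.
BASELINE_LOG = """\
2016-07-01T00:00 host-a 1000
2016-07-01T01:00 host-a 1100
2016-07-01T02:00 host-a 900
2016-07-01T03:00 host-a 1050
2016-07-01T04:00 host-a 950
2016-07-01T05:00 host-a 1000
2016-07-01T00:00 host-b 500
2016-07-01T01:00 host-b 500
2016-07-01T02:00 host-b 500
2016-07-01T03:00 host-b 500
2016-07-01T04:00 host-b 500
2016-07-01T05:00 host-b 500
"""

OBSERVED_LOG = """\
2016-07-02T00:00 host-a 1000
2016-07-02T01:00 host-a 1150
2016-07-02T02:00 host-a 9000
2016-07-02T00:00 host-b 500
2016-07-02T01:00 host-b 2000
2016-07-02T00:00 host-c 300
"""

Z_THRESHOLD = 3.0  # assumed: flag values more than 3 sigma above the host's mean
MIN_SIGMA = 1.0    # floor so a perfectly flat baseline cannot divide by zero


@dataclass
class Deviation:
    timestamp: str
    host: str
    bytes_out: int
    reason: str


def parse_log(text):
    """Parse 'timestamp host bytes_out' lines; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, host, raw = parts
        try:
            records.append((ts, host, int(raw)))
        except ValueError:
            continue
    return records


def build_baseline(records):
    """Per-host (mean, sigma) of bytes_out over the learning window."""
    per_host = defaultdict(list)
    for _, host, bytes_out in records:
        per_host[host].append(bytes_out)
    return {h: (mean(v), max(pstdev(v), MIN_SIGMA)) for h, v in per_host.items()}


def find_deviations(records, baseline, z_threshold=Z_THRESHOLD):
    """Return observed records that sit well above their host's baseline.

    A host with no baseline at all is also reported: an unknown talker
    is itself a deviation from the known environment.
    """
    found = []
    for ts, host, bytes_out in records:
        if host not in baseline:
            found.append(Deviation(ts, host, bytes_out, "no baseline for host"))
            continue
        mu, sigma = baseline[host]
        z = (bytes_out - mu) / sigma
        if z > z_threshold:
            found.append(Deviation(ts, host, bytes_out,
                                   f"{z:.1f} sigma above mean {mu:.0f}"))
    return found


def triage_report(baseline_text, observed_text):
    """Learn the baseline from one window and check the other against it."""
    baseline = build_baseline(parse_log(baseline_text))
    return find_deviations(parse_log(observed_text), baseline)


if __name__ == "__main__":
    for d in triage_report(BASELINE_LOG, OBSERVED_LOG):
        print(f"{d.timestamp} {d.host} bytes_out={d.bytes_out}: {d.reason}")
```

On the constructed data this reports host-a's 9000-byte hour, host-b's 2000-byte hour, and host-c as a host with no baseline, while host-a's 1150-byte hour stays below the threshold. The sigma floor matters for host-b: its learning window is perfectly flat, so without the floor any change would divide by zero rather than be scored.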

3 - Containment

Deuble says that as you head into the containment stage you will want to work with the business to limit the damage caused to systems and prevent any further damage from occurring. This includes short- and long-term containment activities.
