Page 1187 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
page: https://csrc.nist.gov/Publications).
In the context of incident response, an incident refers to a
computer security incident. However, you’ll often see it listed simply as an
incident. For example, within the CISSP Security Operations domain,
the “Conduct incident management” objective is clearly referring to
computer security incidents.
In this chapter, any reference to an incident refers to a
computer security incident. Organizations handle some incidents
such as weather events or natural disasters using other methods
such as with a business continuity plan (covered in Chapter 3,
“Business Continuity Planning”) or with a disaster recovery plan
(covered in Chapter 18, “Disaster Recovery Planning”).
Organizations commonly define the meaning of a computer security
incident within their security policy or incident response plans. The
definition is usually one or two sentences long and includes examples
of common events that the organization classifies as security incidents,
such as the following:
Any attempted network intrusion
Any attempted denial-of-service attack
Any detection of malicious software
Any unauthorized access of data
Any violation of security policies
Incident Response Steps
Effective incident response management is handled in several steps or
phases. Figure 17.1 shows the seven steps involved in managing
incident response as outlined in the CISSP objectives. It’s important to
realize that incident response is an ongoing activity and the results of
the lessons learned stage are used to improve detection methods or
help prevent a repeated incident. The following sections describe these
steps in more depth.