Journey to Cybersecurity: Understanding Incident Response and the Goals of Incident Management
Welcome to my journey as a cybersecurity enthusiast! As I work toward the ISC2 Certified in Cybersecurity credential, I am thrilled to share another chapter of that journey with you.
As I progress in my studies, I realize how important it is to learn the foundational concepts that ground me in this field. One of the key areas I have been exploring is “Understanding Incident Response.”
As security professionals, our primary goal is to protect systems from malicious attacks and from human error. Despite our best efforts, however, accidents and incidents are inevitable. For this reason we also play the role of first responders, and a thorough understanding of incident response is essential.
It all starts with knowing the terms used to describe security events and attacks, and in particular the difference between an event, an incident and a breach. Let’s take a look at some of these terms together:
- Breach: The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where a person other than an authorized user accesses or potentially accesses personally identifiable information (PII). Not every incident is a breach; the term implies that protected data was, or may have been, exposed.
- Event: Any observable occurrence in a network or system. Most events are benign (a login, a configuration change, a dropped packet); only a subset are incidents.
- Exploit: A particular attack, or the code or technique used to carry it out. It is named this way because it takes advantage of (exploits) a vulnerability in the system.
- Incident: An event that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits.
- Intrusion: A security event or combination of events that constitute a deliberate security incident in which an intruder gains or attempts to gain access to a system resource without authorization.
- Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, or a nation through unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.
- Vulnerability: A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat.
- Zero Day: A previously unknown vulnerability for which no patch or signature yet exists, so it can be exploited with little risk of detection or prevention by controls that rely on recognized patterns, signatures, or methods. Signature-based defenses are the ones that miss it; behavior-based monitoring, least privilege and segmentation still limit what an attacker can do with one.
After getting a good grasp of these terms, let’s dive into the goals of incident response. However well prepared an organization is, adverse events will occur. The first priority of any incident response is to protect life, health, and safety; when deciding between competing priorities, safety always comes first, ahead of preserving systems or data.
The primary goal of incident management is to be prepared. Preparation requires a policy and a response plan that will lead the organization through the crisis, and every organization must have an incident response plan that helps preserve business viability and survival. An incident response plan is the documentation of a predetermined set of instructions or procedures to detect, respond to, and limit the consequences of a malicious cyber attack. In practice the plan also names who is on the response team, how incidents are reported and escalated, and who communicates with management, customers and regulators. A plan that is written but never exercised gives little assurance, so it should be tested regularly, for example with tabletop exercises, and updated with the lessons learned from each incident.
As cybersecurity professionals, we are constantly in the business of detecting incidents and crafting ways to respond to them before they happen. Being prepared is a decisive advantage for businesses of any size trying to survive in a world of ever-growing cyber attacks.
Thank you for joining me on this journey of understanding incident response. I am excited to continue exploring more concepts in cybersecurity and sharing my experiences with you. If you found this article useful, please leave a review, and I look forward to our next adventure together.