CHAPTER 5

Incident management

Organizations are constantly exposed to unexpected and unknown security threats. Irrespective of the level, type, or size of the threat, its presence disrupts the overall functioning of an enterprise. Incident management is the process of identifying and responding to these disruptions as quickly as possible to minimize their impact on everyday business operations.

What is a security incident?

A security incident is an event indicating a threat to an organization's network, and presents a certain degree of severity and potential risk to the organization. If undetected, security incidents can compromise your system or data, both from the outside and from within. These are called external and internal threats.

External threats.

An external threat originates from outside the network and is initiated by hackers. The attacker employs various tactics to breach the network, including data manipulation, phishing attacks, malware attacks, denial-of-service (DoS) attacks, man-in-the-middle attacks, and more.

No two businesses suffer the same consequences from security threats. For example, in the healthcare industry, a security incident can lead to the exposure of patients' confidential records, potentially harming the patients themselves. Meanwhile, in a financial company, the exposure of critical data such as credit card information may lead to financial loss.

Internal threats.

An internal threat takes place when an insider causes a disruption to the organization's network by misusing their privileges. These threats can result in manipulation of sensitive data, identity theft, data leaks, policy abuse, resource starvation, and much more. Internal threats can be accidental or intentional, ranging from a sysadmin making a mistake that results in a security incident to an authorized employee with malicious intentions who tampers with sensitive data.

What is incident management?

Incident management is the process of detecting, categorizing, analyzing, and resolving an incident. Using various techniques and tools, incident management attempts to reduce the mean time to detect (MTTD) and mean time to resolve (MTTR) an incident.

The time between the occurrence of an incident and its resolution can be the difference between the organization's security being compromised or not. Usually, security information and event management (SIEM) solutions come with a comprehensive incident management module to tackle key security issues, ensuring your organization's network is safe and secure.
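The following is an added example, not code from this guide or from any SIEM product, showing how the two metrics named above (MTTD and MTTR) are actually computed from incident records and broken down by the chapter's two threat origins. The `Incident` record layout, the sample incidents, and the choice to measure MTTR from detection rather than from occurrence are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Incident:
    """One security incident record, shaped like what a SIEM incident module might store (assumed layout)."""
    incident_id: str
    origin: str                          # "external" or "internal", the chapter's two threat classes
    category: str                        # e.g. "phishing", "dos", "privilege-misuse"
    occurred: datetime                   # when the malicious activity actually started
    detected: datetime                   # when monitoring raised it
    resolved: Optional[datetime] = None  # None while the incident is still open

    def __post_init__(self) -> None:
        # Reject records whose timeline is impossible; bad timestamps would silently skew MTTD/MTTR.
        if self.detected < self.occurred:
            raise ValueError(f"{self.incident_id}: detected before it occurred")
        if self.resolved is not None and self.resolved < self.detected:
            raise ValueError(f"{self.incident_id}: resolved before it was detected")


def time_to_detect(inc: Incident) -> timedelta:
    """Dwell time: how long the incident went unnoticed."""
    return inc.detected - inc.occurred


def time_to_resolve(inc: Incident) -> Optional[timedelta]:
    """Assumption: MTTR is measured from detection to resolution, so it reflects the
    responders' work only; measuring from `occurred` would fold the dwell time into it."""
    return None if inc.resolved is None else inc.resolved - inc.detected


def metrics(incidents: Iterable[Incident]) -> Tuple[Optional[float], Optional[float], int]:
    """Return (MTTD seconds, MTTR seconds, still-open count) for a set of incidents.

    MTTR is averaged over resolved incidents only; either mean is None when it has no data.
    """
    incs = list(incidents)
    ttd = [time_to_detect(i).total_seconds() for i in incs]
    ttr = [(i.resolved - i.detected).total_seconds() for i in incs if i.resolved is not None]
    open_count = sum(1 for i in incs if i.resolved is None)
    return (mean(ttd) if ttd else None, mean(ttr) if ttr else None, open_count)


def metrics_by(incidents: Iterable[Incident], attr: str) -> Dict[str, Tuple[Optional[float], Optional[float], int]]:
    """Group incidents by an attribute ("origin" or "category") and compute metrics per group."""
    groups: Dict[str, List[Incident]] = {}
    for inc in incidents:
        groups.setdefault(getattr(inc, attr), []).append(inc)
    return {key: metrics(members) for key, members in sorted(groups.items())}


def detection_sla_breaches(incidents: Iterable[Incident], max_time_to_detect: timedelta) -> List[str]:
    """IDs of incidents that stayed undetected longer than the allowed window."""
    return [i.incident_id for i in incidents if time_to_detect(i) > max_time_to_detect]


# Constructed sample incidents (not real data): two external, two internal, one still open.
SAMPLE_INCIDENTS = [
    Incident("INC-001", "external", "phishing",
             datetime(2024, 3, 1, 9, 0), datetime(2024, 3, 1, 9, 30), datetime(2024, 3, 1, 12, 30)),
    Incident("INC-002", "external", "dos",
             datetime(2024, 3, 1, 10, 0), datetime(2024, 3, 1, 10, 5), datetime(2024, 3, 1, 10, 35)),
    Incident("INC-003", "internal", "privilege-misuse",
             datetime(2024, 3, 2, 8, 0), datetime(2024, 3, 3, 8, 0), datetime(2024, 3, 3, 10, 0)),
    Incident("INC-004", "internal", "accidental-misconfiguration",
             datetime(2024, 3, 4, 11, 0), datetime(2024, 3, 4, 11, 10)),
]


if __name__ == "__main__":
    mttd, mttr, still_open = metrics(SAMPLE_INCIDENTS)
    print(f"overall: MTTD={mttd / 3600:.2f}h MTTR={mttr / 3600:.2f}h open={still_open}")
    for origin, (d, r, o) in metrics_by(SAMPLE_INCIDENTS, "origin").items():
        r_text = "n/a" if r is None else f"{r / 3600:.2f}h"
        print(f"{origin:>9}: MTTD={d / 3600:.2f}h MTTR={r_text} open={o}")
    print("detection SLA (1h) breached by:", detection_sla_breaches(SAMPLE_INCIDENTS, timedelta(hours=1)))
```

Splitting the metrics by origin is what makes the numbers actionable: in the constructed sample the external incidents are caught within minutes, while the internal privilege-misuse incident sat undetected for a day and is the only one to breach a one-hour detection window, which is the kind of gap a SIEM's incident module is meant to surface.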
