Redback Council is the site of Cyber Security and Forensics.
REDBACK IT SOLUTIONS PVT LTD
No 05/X2, Hari Om 2nd Street, Phase 3, Sathuvachari, Vellore 9
info@redback.in
An incident is an event that could lead to loss of, or disruption to, an organization's operations, services or functions. Incident management (IcM) is a term describing the activities of an organization to identify, analyze, and correct hazards to prevent a future re-occurrence. If not managed, an incident can escalate into an emergency, crisis or a disaster. Incident management is therefore the process of limiting the potential disruption caused by such an event, followed by a return to business as usual. Without effective incident management, an incident can disrupt business operations, information security, IT systems, employees, customers, or other vital business functions.
Incident management is considered to be much more than just the analysis of perceived threats and hazards towards and organization in order to work out the risk of that event occurring, and therefore the ability of that organization to conduct business as usual activities during the incident. An important part of risk management process and business resilience planning that Incident management is a real time physical activity.
The planning that has happened to formulate the response to an incident—be that a disaster, emergency, crisis or accident—has been done so that effective business resilience can take place to ensure minimal loss or damage whether that is to tangible or non tangible assets of that organization. Efficient physical management of the incident—making best use of both time and resources that are available and understanding how to get more resources from outside the organization when needed by clear and timely liaison—ensure the plan is implemented.
International Organization for Standardization (ISO), which is the world's largest developer of international standards also makes a point in the description of its risk management, principles and guidelines document ISO 31000:2009 that, "Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment".[7] This again shows the importance of not just good planning but effective allocation of resources to treat the risk.
Today, an important role is played by a Computer Security Incident Response Team (CSIRT), due to the rise of internet crime, and is a common example of incident faced by companies in developed nations all across the world. For example, if an organization discovers that an intruder has gained unauthorized access to a computer system, the CSIRT would analyze the situation, determine the breadth of the compromise, and take corrective action. Computer forensics is one task included in this process. Currently, over half of the world’s hacking attempts on Trans National Corporations (TNCs) take place in North America (57%). 23% of attempts take place in Europe.[8] Having a well-rounded Computer Security Incident Response team is integral to providing a secure environment for any organization, and is becoming a critical part of the overall design of many modern networking teams.
Incident management software systems are designed for collecting consistent, time sensitive, documented incident report data. Many of these products include features to automate the approval process of an incident report or case investigation. These products may also have the ability to collect real time incident information such as time and date data. Additionally incident report systems will automatically send notifications, assign tasks and escalations to appropriate individuals depending on the incident type, priority, time, status and custom criteria. Modern products provide the ability for administrators to configure the Incident report forms as needed, create analysis reports and set access controls on the data. These incident reports may have the ability for customization that may best suit the organizations using the systems. Some of these products have the ability to collect images, video, audio and other data. Incident management software systems exist that relate directly to specific industries.
Incident logging : An incident is identified and recorded in user reports and using solution analyses—once identified, the incident is logged and categorized. This is important for how future incidents can be handled and for prioritization of incidents.
Notification & escalation :The timing of this step may vary from incident to incident depending on the categorization of the incident. Smaller incidents may also be logged and acknowledged without triggering an official alert. Escalation occurs when an incident triggers an alert, and the proper procedures are performed by the individual who is assigned to manage the alert.
Incident classification : Incidents need to be classified into the proper category and subcategory in order to be easily identified and addressed. Typically, classification happens automatically when the right fields are set up for classification, prioritization is assigned based on the classification, and reports are quickly generated.
Incident prioritization :The proper priority can have a direct impact on the SLA of an incident response, ensuring that business-critical issues are addressed on time and neither customers nor employees experience any lapse in service.
Investigation and diagnosisThe IT team performs an analysis and provides a solution to the employee once an incident is raised. If a resolution is not immediately available, the incident is escalated to the proper teams for further investigation and diagnosis of the incident.
Incident resolution and closureAn IT team is meant to resolve incidents using the proper prioritization methods as quickly as possible. Communication can help with the resolution and closure of tickets, with the possibility of automation to help resolving tickets. Once an incident is resolved, there is further logging and understanding of how to prevent the incident from occurring again or decrease the time to resolution.
+(91) 818 998 5559
+(91) 818 998 5551