Abstract:
With the exponential growth of the Internet, several challenges and security threats arise. Those threats are due to the lack of adequate security mechanisms, security policy flaws, the increasing usage of mobile devices, mobility, and users' naivety. Although organisations try their best to deploy effective security solutions and practices, there will always be security incidents. Therefore, they must put detection methods in place to identify those threats and vulnerabilities. On the other hand, response activities must be established to deal with and respond to the detected incidents. An Incident Response Plan (IRP) aims to provide an organisation with an easy-to-follow guide that leads to a quick and effective incident response. The implementation of such a plan is not an easy task. Implementing an IRP requires an organisation to carry out a lot of research and analysis of the existing frameworks and examples. Most frameworks explain how to set up a Computer Security Incident Response Team and how it should handle incidents, but only a few explain how to implement a plan. This paper proposes a practical strategy for implementing an IRP, complementing the existing incident response frameworks and thus reducing the difficulty of creating an effective and useful plan. The study and proposal on this topic come from the research and experience developed during the implementation of an academic Security Operations Centre. The paper starts by presenting the most relevant incident response frameworks and related work. It then proposes a flexible strategy for creating an IRP that can be adjusted to any organisation's scope and objectives. During the presentation of the strategy, the various domains of incident response are described. Finally, strategies for its implementation are introduced. As the main contribution of this work, the reader will be able to understand the common structure and content of an IRP and to create their own plan. [ABSTRACT FROM AUTHOR]