
Incident Management and Recovery

Introduction

The goal of incident management and recovery is to reduce the impact of an incident while it is happening. An effective response can reduce financial losses, minimize disruptions to business operations and ensure that customers are not negatively impacted.


Incident Response and Management

Incident response is the process of responding to security incidents. Organizations have a responsibility to protect their clients, customers, and employees from malicious attacks. In many cases, security incidents happen without warning; thus it's necessary to have an incident response plan (IRP) for your organization that outlines how you'll handle these situations. When a security breach does occur, your IRP will help guide you through its remediation process.

The IRP should describe how your team will respond to different types of security breaches at each stage of their lifecycle: pre-incident activities such as planning, training, and drills; detection techniques used by humans or automated systems; containment methods; communication protocols within the organization during an active incident; and post-incident activities such as data recovery procedures after an attack has been contained.


Internal Inquiries

Internal inquiries are used to determine what happened and why.

A common misunderstanding is that an internal inquiry is the same thing as an investigation. While both attempt to answer the question of “what happened?”, they differ in purpose and structure.

  • Purpose: An internal inquiry seeks to understand what occurred during an incident or event; it does not seek out fault for wrongdoing. In contrast, an investigation looks into whether there was wrongdoing committed by anyone involved in the incident or event under review.

  • Structure: In a typical formal investigation (which may be conducted by legal counsel), those being evaluated should be given advance notice of why they are being evaluated, so that they can prepare their case with whatever evidence they have before meeting with investigators. This does not always happen with internal inquiries, which are often conducted quietly and without warning, so no one has time to prepare.

 
Compliance Audits

Compliance audits are an important way for your organization to test its compliance with regulations. They can be internal or external, and they can be performed by a third party or by the organization itself.

Internal Audits: An internal audit is done within your own organization. It can be conducted by either an internal auditor or a staff member who is trained and qualified in this area. If you choose to do an internal audit, it’s recommended that you have at least one person on staff with experience conducting these reviews, so that they know what to look for and how to avoid mistakes along the way (e.g., data collection errors).

External Audits: A third-party company conducts external audits on behalf of other organizations. For example, auditors may work directly with financial institutions as part of ongoing reviews required by regulators such as FINRA (Financial Industry Regulatory Authority) when banks have been flagged for potential violations involving customer funds deposited into accounts that were opened using fraudulent documents. In such cases, applicants provide false information in the hope of gaining access to new lines of credit with secured credit cards issued by major financial institutions like Bank of America Corporation (NYSE: BAC) and JPMorgan Chase & Co. (NYSE: JPM).

 
Data Recovery

Data recovery is the process of salvaging data from damaged, failed, or inaccessible storage media. It can be a manual or automated process. The goal of data recovery is to restore the original state and integrity of the stored information so it can be analyzed by an application or human operator. Past methods for performing this task include magnetic tape re-recording and re-surfacing, and manual inspection using digital images made from electron microscope views of each track on devices such as disk platters. These methods are not suitable for modern hard drives: their tracks (on the µm scale) are too small for the human eye to see individually without magnification, and their multiple heads can tilt in many different ways and touch adjacent ones, causing further damage if the drive is not handled properly during manual recovery. A drive repaired at a distant facility may also fail again once it is back in production because of improper handling during transportation.

"While an incident is in progress, the goals are to contain and eliminate the threat, reduce recovery time and loss, prevent future incidents, and assist the organization to recover."

While an incident is in progress, the goals are to contain and eliminate the threat, reduce recovery time and loss, prevent future incidents and assist the organization to recover.

The first step of containment is to stop further damage by isolating the affected system(s) from others on your network. This can be accomplished through network segmentation or firewalls. Once you have identified where your resources are located, so that you can isolate them from other devices on your network, take steps such as disabling ports that connect directly to these resources (such as USB ports).
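
One way to express the firewall-based isolation described above, as an added example that is not part of the original page: a Python helper that builds an nftables ruleset for a firewall routing between network segments. The function name, table name and addresses are hypothetical, and the sketch assumes traffic between the affected host and other segments crosses that firewall.

```python
import ipaddress


def quarantine_ruleset(host, responders, table="ir_quarantine"):
    """Build an nftables ruleset that isolates one host at a routing firewall.

    Only the listed incident-response workstations may still open connections
    to the host (triage, evidence collection); every other forwarded packet to
    or from it is logged and dropped.
    """
    target = ipaddress.ip_address(host)  # ValueError on CIDR ranges or typos
    allowed = {ipaddress.ip_address(r) for r in responders}
    if target in allowed:
        raise ValueError("the quarantined host cannot be a responder")
    if any(a.version != target.version for a in allowed):
        raise ValueError("host and responders must share an address family")
    fam = "ip" if target.version == 4 else "ip6"
    rules = [
        f"table inet {table} {{",
        "  chain forward {",
        # Priority -10 runs before the default filter chains (priority 0).
        "    type filter hook forward priority -10; policy accept;",
    ]
    for a in sorted(allowed):
        # Responder may initiate; the host may only answer those connections.
        rules.append(f"    {fam} saddr {a} {fam} daddr {target} accept")
        rules.append(f"    {fam} saddr {target} {fam} daddr {a} "
                     "ct state established,related accept")
    rules += [
        f'    {fam} saddr {target} log prefix "quarantine-out " drop',
        f'    {fam} daddr {target} log prefix "quarantine-in " drop',
        "  }",
        "}",
    ]
    return "\n".join(rules) + "\n"


if __name__ == "__main__":
    # Constructed addresses: 10.0.5.23 is the affected host, 10.0.9.10 the
    # responder workstation. Review the output, then load it with `nft -f`.
    # Traffic inside the host's own segment never crosses this firewall and
    # needs switch-port or VLAN isolation instead.
    print(quarantine_ruleset("10.0.5.23", ["10.0.9.10"]))
```

The log prefixes give responders a record of what the isolated host still tries to reach, which feeds the later eradication and recovery steps.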


Conclusion

The goal of incident management is to reduce the impact of an incident on your organization and its business operations. Incident management is a critical component of risk management. It includes managing security incidents and other types of emergencies, such as natural disasters.
