An incident response is an expedited reaction to a security
issue or occurrence. Pertaining to information security, an example
would be a security team's actions against a hacker who has
penetrated a firewall and is currently sniffing internal network
traffic. The incident is the breach of security. The response
depends upon how the security team reacts, what they do to minimize
damages, and when they restore resources, all while attempting to
guarantee data integrity.

Think of your organization and how almost every aspect of it
relies upon technology and computer systems. If there is a
compromise, imagine the potentially devastating results. Besides
the obvious system downtime and theft of data, there could be data
corruption, identity theft (from online personnel records),
embarrassing publicity, or even financially devastating results as
customers and business partners learn of and react negatively to
news of a compromise.

Research into past internal and external security breaches shows
that some companies go out of business as a result of a serious breach
of security. A breach can result in resources rendered unavailable
and data being either stolen or corrupted. But one cannot overlook
issues that are difficult to calculate financially, such as bad
publicity. To gain an accurate idea of how important an efficient
incident response is, an organization must calculate the cost of
the actual security breach as well as the financial effects of the
negative publicity, in the short and long term.