The members of an incident response team are like the superheroes in comics. Whenever there is an issue, they are there to save the day for the organization. By establishing cyber intelligence communication channels, we can help the incident response team members save the day more effectively.
To understand how we can do that, let's look at the incident response process.
The incident response process has four main steps, as depicted here:
1. Preparation
2. Detection and analysis
3. Containment, eradication, and recovery
4. Post-incident activity
Notice how steps 3 and 4 are cyclical.
Let's go through a brief overview of each step.
A good reference guide for incident response is the NIST 800-61 Computer Security Incident Handling Guide:
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf