Describe appropriate response measures to take after a computer security incident.
It is the aim of every person responsible for computer security to eliminate risks to their system and prevent attacks before they occur. Unfortunately, because technology changes so rapidly, it is impossible to achieve these goals completely. When preventive measures fail and a breach of security occurs, or is suspected to have occurred, the event is called a computer security incident.
There are five main types of incidents that we consider in this chapter:
Web Server Attacks
Virus Attacks
Firewall or IDS Alerts
Unauthorized Modification of Files
Unauthorized Applications Running
Obviously, this is not an exhaustive list of possible incidents. However, system administrators can adapt the incident-handling techniques discussed for these categories to cover other types of incidents that occur in the field.