Incident Basics

  • Describe appropriate response measures to take after a computer security incident.

It is the aim of every person responsible for computer security to eliminate risks to their system and prevent attacks before they occur. Unfortunately, due to the rapidly changing nature of technology, it is impossible to achieve these goals completely. When preventive measures fail and a breach of security occurs, or is suspected to have occurred, the event is called a computer security incident.

Types of Incidents

There are five main types of incidents that we consider in this chapter:

  • Web Server Attacks

  • Virus Attacks

  • Firewall or IDS Alerts

  • Unauthorized Modification of Files

  • Unauthorized Applications Running

Obviously, this is not an exhaustive list of possible incidents. However, system administrators can adapt the incident-handling techniques discussed for these categories to cover other types of incidents that occur in the field.
