Need to respond to two student discussions with a minimum of 150 words for each response. Below, in bold, are the questions the students are responding to.
For this week's post, please utilize the items described in the lesson/resources or research conducted on the web to ensure your post contains the following:
- Consider the phases of incident response listed below. They follow a certain order, but which one(s) do you consider to be the most crucial to the process and why?
- Incident Identification
- Analysis and Tracking
- Recovery and Repair
- Debriefing and feedback
Student one:

Each of the seven phases of incident response has its own purpose and meaning, but arguably, each one also has its own specific value. Their order reflects the logical process by which an incident would be handled; that is to say, you can't perform an investigation prior to identifying the incident, and just the same, you can't recover and repair until you've performed an investigation; not really, at least.

That said, recovery and repair, from an individual business perspective, is probably the most important. For the vast majority of businesses, having positive revenue is one of the top goals, if not the top goal. There will of course be other goals such as innovation and consumer awareness and whatnot, but a business can't stay afloat if it's always in the red, and investors typically don't want to put their money into a business that's just going to lose it.

From an IT or global, if you will, standpoint, I'd say the debriefing and feedback is the most important step. Why? Because everyone wants to know what happened, how it happened, and how to stop it. For example, zero-day exploits are considered extremely valuable/dangerous. If a software developer never gets feedback on a zero-day exploit so that they can patch their software and defend against it, how can they then defend against it? How will any one of the 10s, 100s, or 1000s of businesses using that software be able to stop it? Could it be found by someone else? Absolutely, but there is no telling the amount of time in between, how many times this exploit could be used, and how many systems it could be used on.

So, as noted above, I think perspective plays a huge role in how important each step is, or which step is most important. They each have their own place and purpose, but who you are looking in determines how important each one is to you.

-Frank
Student two:

There is no doubt about the importance and relevance of each of the phases of the incident response process covered in this week's lesson. Arguably, incident identification is a crucial process of the seven steps undertaken by an incident response team because it is the sequential step needed to conduct the remaining phases of the response framework. While the seven phases are synergistic with each other, it is my opinion that the most crucial phase within the incident response framework is the debriefing and feedback portion of the response effort. It is the foundation upon which the incident response phases are built, and without this crucial phase, there would be a lack of real progress and implementation of new tactics and techniques by incident response personnel.

As it is currently stated, the debriefing and feedback phase (similar to an after-action review) looks at obtaining feedback from everyone involved so that you can determine the reasoning behind the outcome of the incident. This is done by determining what went wrong, what was done right, and how to improve based on the information gathered. It is my belief that this process led to how the phases of incident response came to be, by learning from those mistakes and improving upon the current system of things so that each of the other phases is executed in a better way. This is how teams and organizations become better through the implementation of the feedback gained through a formal debriefing process.

What is also good about this phase is the sharing of information among collaborative parties to build upon working relations and partnerships that continually lead to an improvement in security infrastructure, be it virtual or physical in nature. While it is true many organizations will attempt to keep security incidents at a need-to-know level, the critical information gained from the incident can lead to protective measures for other organizations that prevent needless crime.

~Lucas