Incident Response, Business Continuity, and Disaster Recovery


via Dev.to, Argosenpaikun

Incident

An incident is any event that compromises, or has the potential to compromise, the confidentiality, integrity, or availability (CIA) of information or systems.

Examples:
- Malware infection
- Unauthorized access to sensitive data
- Denial-of-service attack

Security Event

A security event is an event that has been confirmed as a violation of security policies or acceptable use.

Examples:
- A ransomware attack encrypting company files
- A data breach exposing customer PII

Incident Response (IR)

A structured process to detect, analyze, contain, eradicate, and recover from security incidents.

Purpose:
- Minimize impact of incidents
- Restore normal operations quickly
- Gather evidence for investigation or compliance

Key Phases of Incident Response

- Preparation: Establish policies, procedures, tools, and communication plans. Example: Security awareness training, backup systems.
- Identification/Detection: Recognize potential incidents from logs, alerts, or reports. Example: IDS alerts, unusual network traffic.
- Containm
