In the preparation stage, there are two main goals: setting up incident handling capabilities within the organization and taking measures to prevent IT security incidents. These measures include hardening endpoints and servers, using multi-factor authentication, and managing privileged access. Protecting against incidents is not solely the responsibility of the incident handling team; it is shared across the organization.
To prepare effectively, certain prerequisites must be met: skilled members in the incident handling team (whether in-house or outsourced), a trained workforce, clear policies and documentation, and the necessary tools, both software and hardware.
Clear policies and documentation are crucial for efficient incident response. They include up-to-date contact information, incident response policies and procedures, incident information sharing policies, system baselines, network diagrams, asset management databases, and more. The procedures should distinguish non-severe cases, which should be handled swiftly, from severe cases, which may require notifying law enforcement and external communication for legal matters.
Summary:
- Establish incident handling and prevent IT security incidents with endpoint hardening and multi-factor authentication.
- Prerequisites: skilled team, trained workforce, clear policies, documentation, and tools.
- Policies: contact info, incident response protocols, system baselines, and asset management.
- Additional considerations: responsible device handling, jump bag, secure storage, separate documentation, and independent communication channels.