Defining, planning, and executing an IoT incident response
IoT incident response and management can be broken down into four phases:
- Planning
- Detection and analysis
- Containment, eradication, and recovery
- Post-incident activity
The following diagram provides a view into the processes and how they relate to one another:
Any organization should have, at a minimum, these processes well documented and tailored for its unique system(s), technologies, and deployment approaches.
Incident response planning
Planning (sometimes called incident response preparation) is composed of those activities that are, figuratively speaking, designed to keep you from behaving like a deer in headlights when disaster strikes. If your company were to experience a massive denial of service attack that your hosting provider's load balancers and gateway couldn't keep up with, do you know what would happen, and how you would respond? Does your cloud provider handle this automatically, or are you expected to intervene by escalating...