Incident monitoring and response
How would one define an incident? Well, let me posit this to you: what would you do if a bear attacked you? Does this sound stupid? Are these way too many questions? Well, this question is a fairly direct way to understand an incident and how it is reacted to.
The bear is attacking you; it is much larger than you and, well, you don’t want it to get you. In this case, the bear attack is the incident and the bear itself is just a vector for the incident. The result of the incident depends on the response, and to have a good response, you need a good head on your shoulders (you need to monitor the situation, get it?). The report of the response to the incident will happen one way or another. However, if you want to be the one writing the report, you need to have handled the incident correctly.
Actual security incidents are not as brutal as that (not physically, anyway). Don’t worry. But they do work similarly. There is an incident,...
