Security incidents continuously make our morning headlines and cause enormous damages and reputational harm to organizations worldwide. It’s inevitable that stronger and costlier incidents will happen. To be prepared, companies rely on their computer security incident handling and response teams. But — what do the terms Incident Handling and Incident Response mean?
What Is A Security Incident?
According to NIST's Computer Security Incident Handling Guide, only events with a negative consequence are considered security incidents. Such events include system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and execution of destructive malware. Malicious insiders, availability issues, and loss of intellectual property also fall within the scope of incident handling and incident response.
Incident Handling vs. Incident Response
- Incident Response is defined as the sum of the technical activities performed to detect, analyze, defend against and respond to an incident.
- Incident Handling is defined as the sum of the processes and predefined procedural actions used to handle and manage an incident effectively and actionably.
Oftentimes, Incident Handling and Incident Response are treated as synonymous. NIST's Computer Security Incident Handling Guide does the same, and probably for the best.
Choosing to differentiate the two functions can result in incident miscommunication and mishandling, because the incident handlers' side may lack the necessary technical knowledge.
Preferably, the two functions should be indistinguishable within an organization and staffed with trained, or at least knowledgeable, IT professionals. Beyond that, the transition from handling to response, and incident communication in general, should be an extremely fine-tuned and smooth process. This means that the incident handling and incident response functions should work in such a cooperative, communicative and actionable manner that they appear to be one function.
Thank You