{"id":1677,"date":"2019-03-12T23:38:00","date_gmt":"2019-03-13T04:38:00","guid":{"rendered":"https:\/\/media-moon.com\/blog\/?p=1677"},"modified":"2019-12-05T09:35:00","modified_gmt":"2019-12-05T15:35:00","slug":"the-need-for-an-incident-response-plan-part-2","status":"publish","type":"post","link":"https:\/\/media-moon.com\/blog\/the-need-for-an-incident-response-plan-part-2\/","title":{"rendered":"The Need for An Incident Response Plan \u2013 Part 2"},"content":{"rendered":"<h3><strong><em>The Risks and the Needs Associated with Going Offline<\/em><\/strong><\/h3>\n<p>When a business or a corporation is hit by a Cyber-attack, one of the first questions asked is how badly the IT Infrastructure has been damaged, and whether the Cyber attacker is still lurking around, trying to infect other systems amid the confusion and mayhem. It is in these instances that the thought of shutting down the entire IT Infrastructure, or just parts of it, in order to prevent further damage comes to mind.<\/p>\n<p>While this might be a tempting option, there are certain risks inherent in doing so, as it is often considered one of the most drastic actions to take.<\/p>\n<p>For example, in a complete shutdown, information and data might be lost and never recovered.<\/p>\n<p>Or, if a software development team is working on a mission-critical application for a customer, the source code could be lost, resulting in a much-delayed delivery once operations have been restored to normal. A complete shutdown would greatly impact not only the entire organization but its customers as well, especially if they depend upon mobile apps to conduct their daily activities.<\/p>\n<p>A direct shutdown can also mean that any forensic evidence could be lost, again greatly impeding any subsequent investigations.<\/p>\n<p>Shutting down any systems, or going offline, is greatly 
dependent upon the magnitude of the Cyber-attack that has just occurred and on the systems and processes that are being directly impacted. This is not a decision to be taken lightly, yet sometimes it may have to be made in just a matter of minutes.<\/p>\n<p>For instance, the IT staff could quickly weigh the risk of any downtime incurred against the time it would take to simply remedy an infected system. If it is discovered that the situation can be quickly patched and no sensitive data has been impacted, then there is no need to go offline.<\/p>\n<p>But this is not the only calculation to take into consideration. Others can be made by mere observation of the server logs.<\/p>\n<p>For example, if it is discovered that a Cyber attacker is trying to gain access to just a certain network component of the IT Infrastructure, then a partial shutdown is warranted in order to prevent this unauthorized access from occurring. In this regard, a partial shutdown is a far preferable and less drastic approach than a complete shutdown.<\/p>\n<p>But there are instances where a complete shutdown might be needed.<\/p>\n<p>For instance, if the Cyber-attack involves malware or worms, these can spread very quickly to other systems and can bring an organization to its knees. To prevent this from happening, it may be decided quickly to go completely offline so that the malware or the worms cannot cause further damage by spreading.<\/p>\n<p>Thus, determining which systems and processes need to be shut down or brought offline is also a direct function of their level of importance to a business or corporation. This is best ascertained by conducting a Business Impact Analysis, also known as a \u201cBIA\u201d.<\/p>\n<p>This document will help to quantify the exact level of importance of these assets, what they are used for, and the impact 
they will have on an organization if they are indeed brought offline. The BIA can thus be used to determine whether an impacted area of the IT Infrastructure can just be protected while a patch is quickly developed, or whether it is better to take that particular area either partially or completely offline.<\/p>\n<p>It is important to note that this decision combines both quantitative and qualitative variables; there is no hard and fast rule for making it, and it will be unique to each and every business and corporation.<\/p>\n<h3><strong><em>Conclusions<\/em><\/strong><\/h3>\n<p><a href=\"https:\/\/media-moon.com\/blog\/the-need-for-an-incident-response-plan-part-3\/\">Our next blog post in the series<\/a> will examine the importance of a timely response to a Security breach.<\/p>\n<hr \/>\n","protected":false},"excerpt":{"rendered":"<p>The Risks and the Needs Associated with Going Offline When a business or a corporation is hit by a Cyber-attack, one of the first questions that often gets asked is just how much the IT Infrastructure has been damaged, or even if the Cyber attacker is still lurking around trying to infect other systems in 
[&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":1680,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[146,156],"tags":[308,307,204,301,306],"class_list":["post-1677","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business-continuity","category-cyber-security","tag-compliance-related-issue","tag-crisis-communications-plan","tag-cyber-attack","tag-incident-response-plan","tag-incident-response-team"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/posts\/1677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/comments?post=1677"}],"version-history":[{"count":0,"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/posts\/1677\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/media\/1680"}],"wp:attachment":[{"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/media?parent=1677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/categories?post=1677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/media-moon.com\/blog\/wp-json\/wp\/v2\/tags?post=1677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}