Incident management is a critical component of handling security incidents: it is the means by which a security compromise is contained and remedied so that its impact is mitigated. Targeted attacks and self-propagating malware outbreaks are common occurrences that have the potential to disrupt operations, compromise competitive advantage and, in the worst case, challenge the organisation’s viability. A poorly executed incident plan often compounds the financial impact. Recent legislation further mandates a robust and working incident response plan.
Incident Response Capability measures performance in managing, detecting and responding to security incidents during and after the fact. Instrumentation of cloud services to capture logs and artifacts, along with monitoring and detection of anomalous and suspicious activities, is critical to detecting threats, thwarting incidents and enabling fast, efficient remediation.