Incident Handling Procedures in LAN
Introduction
Local area networks (LANs) have become a crucial tool in meeting the data and communication needs of organizations, hence the need to enhance LAN security and minimize incidents. A LAN security incident may be defined as an event that threatens the security of the LAN, resulting in loss of data, unauthorized access, disruption, or compromise of system integrity (Heiser 2002; Klomp, 2002).
Organizations should develop concrete incident handling procedures. A good incident handling policy comprises six main steps: preparation, detection, containment, eradication, recovery and follow-up.
Preparation is the most important component in handling incidents. This process involves identifying the organization's assets and the potential threats, and documenting a policy on how to resolve incidents should they occur.
Identification involves having systems in place that detect whether an incident has occurred, the nature of the incident, and the trail of evidence generated. It further entails notifying the appropriate parties who will handle the incident (SANS Institute, 2011).
Containing the scope of the incident is the next step once it has been detected. It aims to stop potential loss of data or further damage by protecting other computers in the network.
Eradication and recovery in incident handling involve eliminating the cause of the incident (Shinil, 2007; West-Brown, 2002). Concealment of the corrective action is important to avoid instances of recurrence. This is combined with the restoration of normal service and ensuring that system quality is fully restored.
Follow-up is the last step in incident handling and involves learning from incidents to prevent future occurrences.
Conclusion
Every organization should strive to have a well-documented incident handling policy. All employees should be sensitized on its contents to minimize IT-related threats.
References
Heiser, G. (2002). Computer Forensics: Incident Response Essentials. Chicago: McGraw Hill.
Information Technology Services (2008). Incident Handling. Retrieved from http://www.ucop.edu/irc/itsec/uc/incident_handling.html
Klomp, J. (2002). Security problems for small companies. Retrieved from http://www.sans.org
SANS Institute (2011). Hackers Techniques, Exploits & Incident handling. Retrieved from http://www.sans.org
Shinil, H. (2007). Security Incident Handling. University at Buffalo: The State University of New York. Retrieved from http://computersecurity.buffalo.edu/presentations-07/shinil-UB_InfoSec_Workshop_Incident_Handling_part1.pdf
West-Brown, M. (2003). Handbook for computer security incident response teams (CSIRTs). Chicago: McGraw Hill.