Facing up to breaches
Organizations should have a plan for dealing with security incidents. The incident response cycle is a structured template for developing and maintaining such a plan, and it is also a good place to start our discussion of agile security operations.
The incident response cycle, which will form an important aspect of agile security operations, is depicted in the following figure:
The incident response cycle describes a process for handling incidents in several separate steps. Depending on the organization, the cycle can take several forms and may involve a somewhat different set of steps.
We will first discuss the background to the incident response cycle. In the following sections, we will briefly discuss the NIST incident response cycle and the SANS incident response cycle.