… component of effective incident handling is a security management team that is engaged in constant preparation and continuous monitoring of the network for signs of such a breach. "Once your security team declares there has been a breach, it should inform the incident management team, and it should assemble within minutes" (Schilling, 2013, p. 3). The team should then conduct "network forensics, systems forensics and malware analysis" to understand the extent of the threat, and "by reviewing network and security event logs, a forensic analyst can determine which computer systems are likely compromised" (Schilling, 2013, p. 3). There may be no need to shut down the entire environment; the question is the extent to which the threat can be isolated and contained. "Once an infected system is recovered for analysis, the forensics analysts will examine the system to retrieve the files that are responsible for the threat activity. These files are normally hiding some type of Trojan or back door" (Schilling, 2013, p. 3). The purpose of such deep forensic analysis is to extract threat indicators (the addresses, files and behaviours that identify the intrusion) and to construct the security controls needed to prevent the incident from recurring. Containment is the most critical part of the response: it stops the intrusion from spreading to further systems, and the controls built from the indicators are what keep it from happening again. After the threat is isolated, the team can "update antivirus and intrusion protection signatures, change firewall rules, and block communications with the Internet addresses of the suspected 'bad guy'...
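The log-review step and the follow-on firewall change described above, as an added example that is not from Schilling (2013) or the essay: the firewall log format, the internal hostnames, the destination addresses and the indicator list below are all constructed for illustration. The script maps each internal host that completed a connection to a known-bad address, which is the "likely compromised" list the analyst wants, and then emits one egress deny rule per indicator address so the block can be applied at the perimeter.

```python
"""Triage constructed firewall log lines against threat indicators.

Added example, not from the essay or from Schilling (2013). Every address,
host and indicator here is made up; the log format is a hypothetical
key=value syslog style, not any vendor's real format.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set

# Constructed sample: one line per outbound connection seen at the perimeter.
# The last line is deliberately malformed to show that parsing must not abort.
SAMPLE_LOG = """\
2013-03-04T09:12:01Z fw01 ACCEPT src=10.20.1.15 dst=203.0.113.9 dport=443 proto=tcp
2013-03-04T09:12:07Z fw01 ACCEPT src=10.20.1.15 dst=198.51.100.77 dport=80 proto=tcp
2013-03-04T09:13:44Z fw01 ACCEPT src=10.20.2.8 dst=203.0.113.9 dport=8443 proto=tcp
2013-03-04T09:14:10Z fw01 ACCEPT src=10.20.2.8 dst=93.184.216.34 dport=443 proto=tcp
2013-03-04T09:15:02Z fw01 DROP src=10.20.3.3 dst=203.0.113.9 dport=443 proto=tcp
2013-03-04T09:16:30Z fw01 ACCEPT src=10.20.1.15 dst=203.0.113.9 dport=443 proto=tcp
this line is malformed and must be skipped
"""

# Constructed indicators, as if recovered from malware analysis of the first
# victim: two individual addresses plus a hypothetical hosting range.
BAD_ADDRESSES = {"203.0.113.9", "198.51.100.77"}
BAD_NETWORKS = [ip_network("192.0.2.0/24")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<fw>\S+) (?P<action>ACCEPT|DROP) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


@dataclass
class HostHit:
    """Evidence collected for one internal source host."""
    indicators: Set[str] = field(default_factory=set)
    count: int = 0
    first_seen: Optional[datetime] = None
    last_seen: Optional[datetime] = None


def is_indicator(addr: str) -> bool:
    """True if the destination is a listed bad address or inside a bad range."""
    if addr in BAD_ADDRESSES:
        return True
    ip = ip_address(addr)
    return any(ip in net for net in BAD_NETWORKS)


def find_likely_compromised(log_text: str, accepted_only: bool = True) -> Dict[str, HostHit]:
    """Map each internal source host to the indicator addresses it reached.

    By default only completed (ACCEPT) sessions count as evidence of
    compromise; a DROP shows the host tried, which is worth a look but is
    weaker evidence, so it is included only when accepted_only is False.
    """
    hits: Dict[str, HostHit] = defaultdict(HostHit)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed lines are skipped rather than fatal
        if accepted_only and m["action"] != "ACCEPT":
            continue
        if not is_indicator(m["dst"]):
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        h = hits[m["src"]]
        h.indicators.add(m["dst"])
        h.count += 1
        h.first_seen = ts if h.first_seen is None else min(h.first_seen, ts)
        h.last_seen = ts if h.last_seen is None else max(h.last_seen, ts)
    return dict(hits)


def block_rules(hits: Dict[str, HostHit]) -> List[str]:
    """One egress deny per indicator address actually contacted, in iptables syntax."""
    addrs = sorted({a for h in hits.values() for a in h.indicators}, key=ip_address)
    return [f"iptables -I FORWARD -d {a} -j DROP" for a in addrs]


if __name__ == "__main__":
    found = find_likely_compromised(SAMPLE_LOG)
    for host, hit in sorted(found.items()):
        print(f"{host}: {hit.count} session(s) to {sorted(hit.indicators)} "
              f"between {hit.first_seen} and {hit.last_seen}")
    for rule in block_rules(found):
        print(rule)
```

The host that only had a DROP logged (10.20.3.3 in the constructed sample) is excluded by default; rerun with `accepted_only=False` to list it as a host to check, since a blocked attempt still suggests the implant is present. The emitted rules block only addresses that were actually contacted, which keeps the change small enough to review before it is applied.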
Going over why the incident occurred and debriefing non-technical as well as IT staff on how to prevent it from recurring is also essential, particularly if it was due to human error rather than an intrinsic weakness in the systems themselves.