
Responding to a Breach

Chapter Description

In this sample chapter from Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer, you will explore the basic concepts for proper incident response procedure to understand why organizations commonly fail at the process when responding to a breach. The authors also share techniques used by organizations that have a successful incident response plan and provide an overview of industry-proven components required to build an incident response process within your organization.


There is no easy answer when it comes to responding to a breach. Successful organizations must understand that breach response is a critical part of an incident response plan. A key to a successful incident response plan is having executive support for cybersecurity and incident response within an organization that is independent of traditional management structure. Incident response plans should include basic components that allow investigators to quickly gather, analyze, and understand data. Data management software such as log management, security analytics, and governance, risk management, and compliance (GRC) can greatly assist incident teams responding to a breach. Lastly, an organization must instruct its public relations teams on the best methods to communicate to both internal and external parties about a breach while also informing shareholders and meeting all legal requirements.

As a network and digital forensics specialist, you likely will be involved in this process. You may be involved in only a small portion or a subset of a response process. Your role may be more technical or more managerial, but it is important to understand the full process that organizations go through in responding to a breach to be fully prepared for your own specific function.

This chapter should have given you an understanding, from a management point of view, of how an incident response process is built. Your primary job as a network engineer is using your technical skills to provide support throughout this process. In the next chapter, we look at the details required to accomplish incident response and forensic tasks.
