“Computer security incident response has become
an important component of information technology
(IT) programs. Because performing incident response
effectively is a complex undertaking, establishing a successful incident response capability requires substantial planning and resources.”
The excerpt above from the National Institute of Standards and Technology (NIST) perfectly underscores the importance of having an effective plan when responding to security incidents. The faster the response, the more managed the risk may be to contain by minimizing the potential scope of exposure. The second half of this equation — the remediation process — will vary greatly depending on the tools available to IT. By aligning with the proper recovery tools, remediation time for compromised systems can be significantly reduced.