Incident Damage and Loss Control – CompTIA Security+ SY0-401: 2.5

Nearly all security incidents will incur some level of damage or loss of data. In this video, you’ll learn how to limit the spread of the damage.


One of the challenges we have as security professionals is making sure that when an incident occurs we're able to minimize the amount of damage, or the amount of loss, that has occurred. If somebody were to steal a laptop, maybe we're only concerned about the hardware cost of the laptop, because we have encryption of the entire hard drive on that laptop. So that changes how much damage or how much loss we're really incurring from that incident.

This does need to be part of your response policy, though: what do you do? Is there a way to minimize that? If you walk up to a machine that has a virus on it, or is being compromised by a piece of spyware, maybe we unplug that computer right away. But what if that computer was our primary web server that all of our customers use? Does it make sense to unplug it if we're relatively certain that the virus is not impacting the particular service they're using on our website? So maybe we don't want to pull it from the network; maybe we want to simply partition it off, or in some way minimize the impact of that virus on our end users.

That's one of the challenges we have: determining how far we go. We don't want to cut off our nose to spite our face, but we still want to be sure that our organization is protected and that our systems are secure. Every case is going to be a little bit different, and you as a security professional have to be knowledgeable enough about what you're seeing. You also, very often, are communicating with others within your organization to make a determination of what you're going to do. Do we turn this computer off? Do we unplug it? Do we capture the hard drive information? Do we put a replacement in place? You now need to make all of those very difficult decisions, because they all are going to have an impact later on what you can do with the system and how much information you're gathering. They're also going to impact the uptime and availability of these very important resources for your organization.
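The "partition it off" option for the compromised web server described above can be made concrete with host-based firewall rules. The following shell script is an added example and is not part of the video: it keeps the customer-facing HTTPS service reachable, lets only a designated forensics workstation reach the box over SSH so evidence can still be collected, and blocks every new outbound connection so the malware cannot beacon, spread or exfiltrate. The interface name (eth0), the forensics host address (10.0.99.5) and the choice of SSH for collection are constructed assumptions for the example; the script defaults to a dry run that prints the iptables commands rather than applying them, so it can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the video): contain a compromised web server by
# partitioning it off at the host firewall instead of unplugging it.
#
# Constructed assumptions for this example:
#   IFACE          network interface facing customers (eth0)
#   FORENSICS_HOST the only machine allowed to SSH in for evidence collection
#   DRY_RUN=1      print the iptables commands instead of executing them
IFACE="${IFACE:-eth0}"
FORENSICS_HOST="${FORENSICS_HOST:-10.0.99.5}"
DRY_RUN="${DRY_RUN:-1}"

# run: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# contain_web_server emits (or applies) a rule set that keeps the customer
# service up while cutting every other network path from the host.
contain_web_server() {
    # Start from a known state, then default-deny in every direction.
    run iptables -F
    run iptables -P INPUT DROP
    run iptables -P OUTPUT DROP
    run iptables -P FORWARD DROP

    # Loopback stays open so local components (web app <-> local DB socket) work.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A OUTPUT -o lo -j ACCEPT

    # Customers may still open HTTPS sessions; replies flow back as ESTABLISHED.
    run iptables -A INPUT -i "$IFACE" -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    run iptables -A OUTPUT -o "$IFACE" -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # Only the forensics workstation may SSH in to capture volatile data and disks.
    run iptables -A INPUT -i "$IFACE" -p tcp -s "$FORENSICS_HOST" --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    run iptables -A OUTPUT -o "$IFACE" -p tcp -d "$FORENSICS_HOST" --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # No new outbound connections at all: this is what stops beaconing, lateral
    # movement and exfiltration. Log the attempts, they are evidence too.
    run iptables -A OUTPUT -o "$IFACE" -m conntrack --ctstate NEW -j LOG --log-prefix "CONTAINED-EGRESS: "
    run iptables -A OUTPUT -o "$IFACE" -m conntrack --ctstate NEW -j DROP
}

# rule_count returns the number of commands the rule set consists of.
rule_count() {
    contain_web_server | wc -l | tr -d ' '
}

contain_web_server
```

Two caveats a responder should keep in mind. First, the rule set deliberately cuts DNS, NTP, package updates and anything else the server used to reach out for, so the service has to tolerate that for the duration of the containment. Second, it only helps in the situation the video describes, where we are relatively certain the compromise is not riding on the customer service itself: a reverse shell tunnelled back over the same inbound port 443 session would pass these rules, and in that case pulling the network cable, or taking the service down, is the safer call.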