Topic: How to react to a malware incident?


polonus
« on: May 08, 2010, 10:12:46 PM »
Hi malware fighters,

According to the SANS Institute the incident response should include the following 6 steps:

   1. Preparation: The organization educates users and IT staff on the importance of updated security measures and trains them to respond to computer and network security incidents quickly and correctly.
   2. Identification: The response team is activated to decide whether a particular event is, in fact, a security incident. The team may contact the CERT Coordination Center, which tracks Internet security activity and has the most current information on viruses and worms, re: http://whatis.techtarget.com/definition/0,,sid9_gci213844,00.html
   3. Containment: The team determines how far the problem has spread and contains the problem by disconnecting all affected systems and devices to prevent further damage.
   4. Eradication: The team investigates to discover the origin of the incident. The root cause of the problem and all traces of malicious code are removed.
   5. Recovery: Data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for any sign of weakness or recurrence: http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci211633,00.html
   6. Lessons learned: The team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence.

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!