घटना प्रतिक्रिया ही सुरक्षा घटना (उल्लंघन, हल्ले) हाताळण्याची प्रक्रिया आहे — शोधणे, समावरणे, उच्चाटन करणे, पुनर्प्राप्त करणे आणि शिकणे. रक्षा असूनही उल्लंघन घडू शकतात, म्हणून प्रभावीपणे प्रतिक्रिया देण्याची योजना असणे नुकसान मर्यादित करण्यासाठी महत्वाचे आहे.
घटना प्रतिक्रिया महत्वाची का आहे
Despite defenses, security incidents WILL happen (no system is perfectly secure):
→ being PREPARED to respond limits damage, downtime, and data loss
→ a poor/slow/panicked response makes breaches far worse
→ have a PLAN before you need it (you can't improvise a good response mid-crisis).
घटना प्रतिक्रिया जीवनचक्र
1. PREPARATION → plan, tools, roles, runbooks, monitoring/logging in place beforehand
2. DETECTION & ANALYSIS → identify the incident (monitoring, alerts); assess scope/severity
3. CONTAINMENT → stop the spread/limit damage (isolate affected systems, revoke access)
4. ERADICATION → remove the threat (close the vulnerability, remove malware/access)
5. RECOVERY → restore systems safely; verify they're clean; resume operations
6. POST-INCIDENT (lessons learned) → analyze what happened, improve defenses & the process
(BLAMELESS — focus on fixing, not blaming)
