Incident response is the process of handling security incidents (breaches, attacks): identifying, containing, eradicating, recovering, and learning from them. Because breaches can happen despite defenses, it is important to have a plan in place so you can respond effectively and limit the impact.
Why incident response matters
Despite defenses, security incidents WILL happen (no system is perfectly secure):
→ being PREPARED to respond limits damage, downtime, and data loss
→ a poor/slow/panicked response makes breaches far worse
→ have a PLAN before you need it (you can't improvise a good response mid-crisis).
The incident response lifecycle
1. PREPARATION → plan, tools, roles, runbooks, monitoring/logging in place beforehand
2. DETECTION & ANALYSIS → identify the incident (monitoring, alerts); assess scope/severity
3. CONTAINMENT → stop the spread/limit damage (isolate affected systems, revoke access)
4. ERADICATION → remove the threat (close the vulnerability, remove malware/access)
5. RECOVERY → restore systems safely; verify they're clean; resume operations
6. POST-INCIDENT (lessons learned) → analyze what happened, improve defenses & the process
(BLAMELESS — focus on fixing, not blaming)
