According to the U.S. Department of Homeland Security (DHS), the purpose of the
Incident Response Checklist and Cycle
(that is, the period between when an incident is identified and when it is
resolved and reported) is twofold: to minimize damage and exposure (that is,
risk mitigation) and to facilitate an effective recovery. Moreover,
within the risk mitigation goal, a hierarchy of priorities is suggested,
arranged from higher to lower priority and including the following: human
life and safety; sensitive or mission-critical systems and information; other
systems and information; damage to systems or information; and disruption of
access or services.
The items on the checklist include a series of sequential,
high-level steps grouped into three phases: (1) Detection, Assessment, and
Triage (for which the objective is to limit the risk and damage in such a way
that if the problem does escalate, investigation can proceed promptly and with
evidence intact); (2) Containment, Evidence Collection, Analysis, and
Investigation; and (3) Remediation, Recovery, and Post-Mortem. Based on this
three-phase scheme, the Department of Homeland Security's recommended steps
are as follows:
Department of Homeland Security (DHS); Incident Response; Risk.
U.S. Department of Homeland Security. Incident Handling Checklists. [Online,
2004.] U.S. Department of Homeland Security Website. http://www.fedcirc.gov/