Incident response is a structured approach to handling a security incident. An incident response plan is needed so that incidents are handled systematically rather than ad hoc. A successful incident response plan includes the following 6 stages:
1- Preparation
2- Identification
3- Scope
4- Eradication
5- Recovery
6- Lessons Learned
Creating a Central Log Collection System
A central log collection system that can handle large volumes of log data saves time during an incident, because all data can be examined from a single point instead of being gathered from each device separately.
Time Synchronization
Enabling NTP on all devices in the network is important so that the timestamps in the collected logs can be matched across sources; without a common clock, events from different devices cannot be reliably ordered.
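As an added example (not part of the original text), the following Python script shows why the two points above go together: it reads log lines in the shape a central collector would store them (constructed sample data, with the collector's own receive time placed next to the timestamp the device wrote), normalizes every timestamp to UTC so events from different hosts can be ordered, and flags hosts whose clock disagrees with the collector by more than a tolerance, which is a quick check that NTP is really in effect everywhere.

```python
from datetime import datetime, timezone
from collections import defaultdict
from statistics import median

# Constructed sample. Each line: "<collector receive time> <host> <device timestamp> <message>".
# Both timestamps are ISO 8601 with an explicit UTC offset, as a collector would record them.
SAMPLE_LOGS = """\
2024-03-01T10:00:05+00:00 fw01 2024-03-01T10:00:04+00:00 DROP src=10.0.0.5 dst=10.0.0.9
2024-03-01T10:00:06+00:00 web01 2024-03-01T12:00:06+02:00 GET /login 200
2024-03-01T10:00:07+00:00 db01 2024-03-01T09:47:10+00:00 auth failure user=svc_backup
2024-03-01T10:00:09+00:00 fw01 2024-03-01T10:00:08+00:00 ACCEPT src=10.0.0.5 dst=10.0.0.9
2024-03-01T10:00:11+00:00 db01 2024-03-01T09:47:14+00:00 auth failure user=svc_backup
"""

def parse_line(line):
    """Split one collector line into (receive time, host, device time, message)."""
    recv, host, dev_ts, msg = line.split(" ", 3)
    return datetime.fromisoformat(recv), host, datetime.fromisoformat(dev_ts), msg

def host_clock_skew(log_text):
    """Return {host: median skew in seconds}, skew = device clock minus collector clock.
    A host in a different time zone (web01) has zero skew once offsets are honoured;
    a host that is simply not synchronized (db01) shows a large constant offset."""
    skews = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            recv, host, dev_ts, _ = parse_line(line)
            skews[host].append((dev_ts - recv).total_seconds())
    return {host: median(vals) for host, vals in skews.items()}

def hosts_out_of_sync(log_text, tolerance_s=60):
    """Hosts whose clock differs from the collector by more than tolerance_s seconds."""
    return sorted(h for h, s in host_clock_skew(log_text).items() if abs(s) > tolerance_s)

def normalized_timeline(log_text):
    """Events ordered by device time converted to UTC, the view an analyst correlates on.
    Note that db01's events sort 13 minutes earlier than they really happened."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e[2])
    return [(dev.astimezone(timezone.utc).isoformat(), host, msg) for _, host, dev, msg in events]
```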
User Account Management
Giving each staff member a user name that is the same across all of their accounts and different from every other person's makes it easy to trace that user's activity across systems during an incident.
Management of System and Service Accounts
An owner should be assigned for every service and system in use, and a document should record how to reach each of these owners when they are needed.
Asset Management
An up-to-date inventory should give immediate access to information such as the devices in use, their operating systems, their patch versions, and whether they are critical.
Secure Communication
The team may need to communicate independently of the internal network, for example when it is compromised or unavailable; for such cases, mobile phones or secondary email accounts can be used.