Incident response handling

Every network, no matter how secure, has some security events (even if just false alarms). Staff must know beforehand how to handle these events. Important points that must be resolved are: when should one call law enforcement, when should one call an emergency response team, when should network connections be severed, and what is the recovery plan if an important server is compromised? CERT provides general incident response handling capabilities for the United States. FedCIRC is the incident response handling service for the civilian federal government.