Incident management is an enormous topic, and many excellent and thorough volumes have been written about its utility and execution in the traditional IT enterprise.
At its core, incident management is a life cycle-driven set of activities that range from planning, detection, containment, eradication, and recovery, to the final learning process about what went wrong and how to improve your security posture to prevent similar future incidents.
This chapter provides guidance for organizations—corporate or otherwise—that plan to integrate IoT systems into their enterprises, and that need to develop or update their incident response plans to suit.
Incident management for IoT systems follows the same frameworks that are already familiar to us. There are simply new considerations and questions to answer when trying to plan effective responses to compromised IoT-related systems.
To distinguish the IoT from conventional IT, consider the following...