The response continuum

Abstract

Active response is a sequence of actions performed specifically to mitigate a detected threat. Response decisions always follow detection: a decision to take 'no action' remains a response decision. However, active response is a complex subject that has received insufficient formal attention. To facilitate discussion, this paper provides a framework that proposes a common definition, describes the role of response and the major issues surrounding response choices, and finally, provides a model for the process of response. This provides a common starting point for discussion of the full response continuum as an integral part of contemporary computer security.