Security Monitoring, Incident Handling, and Testing
All information security teams regularly perform monitoring, incident handling, and testing. Monitoring and incident handling are the day-to-day activities every team performs. They run automated scanners, review audit logs, and generally keep an eye on the security status of the IT infrastructure. When an anomalous situation is found, the security team responds by investigating the situation and shutting down the avenue of attack. After a security incident, the security team will investigate the affected systems and perform a damage assessment. They will meet with management to discuss how and why the attack occurred, and formulate plans to repair ...
Get Access Control and Identity Management, 3rd Edition now with the O’Reilly learning platform.