Access Control and Identity Management, 3rd Edition by Mike Chapple

All information security teams regularly perform monitoring, incident handling, and testing. Monitoring and incident handling are the day-to-day activities every team performs. They run automated scanners, review audit logs, and generally keep an eye on the security status of the IT infrastructure. When an anomalous situation is found, the security team responds by investigating the situation and shutting down the avenue of attack. After a security incident, the security team will investigate the affected systems and perform a damage assessment. They will meet with management to discuss how and why the attack occurred, and formulate plans to repair ...