Security Monitoring, Incident Handling, and Testing

All information security teams regularly perform monitoring, incident handling, and testing. Monitoring and incident handling are the day-to-day activities every team performs. Team members run automated scanners, review audit logs, and generally keep an eye on the security status of the IT infrastructure. When an anomalous situation is found, the security team responds by investigating the situation and shutting down the avenue of attack. After a security incident, the security team will investigate the affected systems and perform a damage assessment. They will meet with management to discuss how and why the attack occurred, and formulate plans to repair the damage and fortify the infrastructure ...

Get Access Control and Identity Management, 3rd Edition now with O’Reilly online learning.