Incident Response and Investigations
Abstract
When an attack begins, eventually an alert fires and kicks off investigative and responsive activities. Then incident response (IR) moves through several different phases intended to act against an attack on an organization. The order of operations associated with IR, from identification of the problem to ongoing resolution, can be defined like many other 12-step programs designed to guide behaviors, control compulsions, and otherwise recover from destructive circumstances. The 12 steps are detailed in this chapter.
Keywords
Incident Response is Complicated