Chapter 18

Incident Response and Investigations

Abstract

When an attack begins, an alert eventually fires and kicks off investigative and responsive activities. Incident response (IR) then moves through several distinct phases intended to counter the attack on the organization. The order of operations associated with IR, from identification of the problem through ongoing resolution, can be laid out much like the 12-step programs designed to guide behaviors, control compulsions, and otherwise recover from destructive circumstances. The 12 steps are detailed in this chapter.

Keywords

12-Step program; Incident response; Malware; Order of operations; Response readiness

Incident Response is Complicated

Although the section title sounds both basic and obvious, ...
