Applied Incident Response

by Steve Anson
January 2020
Intermediate to advanced
464 pages
14h 8m
English
Wiley
Content preview from Applied Incident Response

CHAPTER 13: Continuous Improvement

Most international management standards stress the importance of continuous improvement. This involves constantly examining your operation for opportunities to enhance your efficiency and effectiveness. As we mentioned in Chapter 2, “Incident Readiness,” incident response is not a stand‐alone process but an integral part of a cycle of prevention, detection, and response. The desired output from incident handling should not simply be mitigating a specific incident, but also providing valuable information to network defenders to improve preventive and detective controls. This chapter will explore ways to ensure that your incident response process feeds back into your overall network defense.

Document, Document, Document

One of your most important jobs as an incident handler is to accurately document your actions. Throughout your career, you may work hundreds of incidents or more. Recalling specific technical details from each of these, particularly when asked to do so months after the incident has concluded, is impossible without detailed notes made at the time of the incident. As an incident is unfolding, you do not know in advance if it will resolve quickly or evolve into a massive, public data breach, placing you in the center of legal proceedings. You must therefore take accurate notes for every incident, including dates and times for your actions, to ensure that you are ready to respond correctly to any questions that may arise.

Each incident ...

ISBN: 9781119560265