CHAPTER 2

Cloud Security Event Investigation

In this chapter, you will learn about

•   Which AWS services are used in an incident response plan

•   Looking for indicators of a cloud security event

•   Determining the RCA (root cause analysis) of an event

A security event can be described as an abnormal operation of your environment or network indicating that a security policy might have been violated or a security safeguard might have failed. The difference between “might have been violated/might have failed” and “has been violated/has failed” is the difference between an event and an incident. In this chapter we will be discussing events.

Determining if a cloud security event has occurred is similar to how you would determine if a security event ...

Get AWS Certified Security Specialty All-in-One Exam Guide (Exam SCS-C01) now with the O’Reilly learning platform.