Chapter 11. Incident Response and Recovery
This chapter covers the following topics:
E-Discovery: This section covers electronic inventory and asset control, data retention policies, data recovery and storage, data ownership, data handling, and legal holds.
Data Breaches: This section describes detection and collection methods, mitigation approaches, recovery techniques, response processes, and disclosure handling.
Facilitate Incident Detection and Response: This section covers hunt teaming; heuristics; behavioral analytics; and establishing and reviewing system, audit, and security logs.
Incident and Emergency Response: Topics include chain of custody, forensic analysis of compromised systems, continuity of operations, disaster recovery, ...
Get CompTIA Advanced Security Practitioner (CASP) CAS-003 Cert Guide, Second Edition now with the O’Reilly learning platform.