Chapter 15

Implementing the Appropriate Incident Response

This chapter covers the following topics:

  • Event Classifications: This section covers false positives, false negatives, true positives, and true negatives.

  • Triage Event: This section describes how the triage process is used to prioritize incidents.

  • Preescalation Tasks: This section covers activities that should occur prior to any incident escalation.

  • Incident Response Process: This section covers preparation, detection, analysis, containment, recovery, and lessons learned.

  • Specific Response Playbooks/Processes: This section describes scenarios such as ransomware, data exfiltration, and social engineering. It also covers non-automated response methods and automated response methods such ...

Get CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide now with the O’Reilly learning platform.
