Incident response process

When responding to an incident, the following phases are followed:

  • Preparation: In the preparation phase, the different incident response plans are written in advance and kept up to date.
  • Identification: Once an incident has occurred, it is important that the appropriate incident response plan is invoked and the personnel needed are notified.
  • Containment: When dealing with the incident, it is important to secure the volatile evidence first and then prevent the incident from spreading any further.
  • Eradication: In the eradication phase, we want to destroy the source of the incident. For example, if it is a virus, we want it totally removed.
  • Recovery: In the recovery phase, we are getting the company back ...
