While responding to an incident, the following processes are followed:
- Preparation: The preparation phase is where the different incident response plans are already written and kept up to date.
- Identification: Once an incident has occurred, it is important that the appropriate incident response plan is invoked and the personnel needed are notified.
- Containment: When dealing with the incident, it is important that the volatile evidence is secured and then we prevent the incident from spreading any further.
- Eradication: In the eradication phase, we want to destroy the source of the incident. For example, if it is a virus, we want it totally removed.
- Recovery: In the recovery phase, we are getting the company back ...