Chapter 27
Summarizing the Importance of Policies, Processes, and Procedures for Incident Response
This chapter covers the following topics related to Objective 4.2 (Summarize the importance of policies, processes, and procedures for incident response) of the CompTIA Security+ SY0-601 certification exam:
Incident response plans
Incident response process
  Preparation
  Identification
  Containment
  Eradication
  Recovery
  Lessons learned
Exercises
  Tabletop
  Walkthroughs
  Simulations
Attack frameworks
  MITRE ATT&CK
  The Diamond Model of Intrusion Analysis
  Cyber Kill Chain
Stakeholder management
Communication plan
Disaster recovery plan
Business continuity plan
Continuity of operations planning (COOP)
Incident response team
Retention policies
A recent ...