6.3. Differentiate between and execute appropriate incident response procedures.

An incident response procedure is to be followed when a security breach or security violation has occurred. One of the most important goals of incident response is containment: the protection and preservation of evidence. This may require taking systems offline, duplicating hard drives using imaging software, making photographs of monitor displays, documenting strange conditions or activities, disconnecting a server from the network, and so on.

NOTE

For more information on this topic, see Chapter 6 of the CompTIA Security+ Study Guide, 4th Edition (Sybex, November 2008).

For end users, the incident response policy is simple and direct: They should step away from ...

Get CompTIA Security+™: Review Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.