2.3 Execute appropriate incident response procedures

An incident response procedure is to be followed when a security breach or security violation has occurred. One of the most important goals of incident response is containment: the protection and preservation of evidence. This may require taking systems offline, duplicating hard drives using imaging software, photographing monitor displays, documenting strange conditions or activities, disconnecting a server from the network, and so on.

For end users, the incident response policy is simple and direct: They should step away from their computer system and contact the incident response team. For the CIRT (computer incident response team), the incident response policy is more involved. ...

Get CompTIA Security+™: Review Guide, Second Edition now with the O’Reilly learning platform.