© Eric C. Thompson 2018
Eric C. ThompsonCybersecurity Incident Responsehttps://doi.org/10.1007/978-1-4842-3870-7_2

2. Necessary Prerequisites

Eric C. Thompson1 
(1)
Lisle, Illinois, USA
 
Prior to building the incident response program, specific capabilities must exist. At a minimum, these should include adoption of a chosen framework; an understanding of the assets the entity must focus on protecting; documentation of the risks to the confidentiality, integrity, and availability of the assets; and assurance that all fundamental protective capabilities exist. Examples of these capabilities include:
  • Access-control processes and restriction of elevated privileges

  • Protection from misuse of data in motion, in use, and at rest

  • Hardening of hardware, based on ...

Get Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.