
Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents by Eric C. Thompson


© Eric C. Thompson 2018
Eric C. Thompson, Cybersecurity Incident Response, https://doi.org/10.1007/978-1-4842-3870-7_8

8. Containment

Eric C. Thompson (1)
(1) Lisle, Illinois, USA

Containment comes after identifying an event and concluding that action is required to limit its impact. Entities must understand the fundamentals of containment, the steps necessary to gather information on the event’s characteristics, and how to identify the population of affected systems and users and quarantine those systems until the situation is resolved and business is back to normal. These actions are undertaken by internal resources or outside experts. A strategy built around objectives drives containment. The common approach is to identify the symptoms, quarantine the ...
