Eric C. ThompsonCybersecurity Incident Responsehttps://doi.org/10.1007/978-1-4842-3870-7_8

8. Containment

Eric C. Thompson¹

(1)

Lisle, Illinois, USA

Containment comes after identifying an event and concluding that action is required to limit its impact. Entities must understand the fundamentals of containment, the steps necessary to gather information on the event’s characteristics, and how to identify the population of affected systems and users and quarantine those systems until the situation is resolved and business is back to normal. These actions are undertaken by internal resources or outside experts. A strategy built around objectives drives containment. The common approach is to identify the symptoms, quarantine the ...

Get Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents by Eric C. Thompson

8. Containment

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly