Chapter 10. Managing Security Incidents

The focus of this chapter will be on presenting the idea of security incidents and response. First, we will define a security incident and then move on to developing the process of responding, including roles and procedures for remediation. Getting buy-in from other teams outside of security, including management, is key to the success and effectiveness of an incident response capability. The Taking action section will cover both internal response and leveraging of third parties when necessary. This chapter focuses on the basics of developing and implementing a security incident response capability in the enterprise. Incident response forms and process flow are included in Appendix E, Security Incident Response ...

Get Enterprise Security: A Data-Centric Approach to Securing the Enterprise now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.