GCIH GIAC Certified Incident Handler All-in-One Exam Guide

CHAPTER 2 Intrusion Analysis and Incident Handling

In this chapter you will learn how to

• Prepare to handle an incident

• Identify, triage, and analyze suspicious behavior that may indicate an ongoing incident

• Contain and eradicate an attack

• Recover affected assets to BAU

Incident Handling Introduction

Various frameworks are often used for intrusion handling and incident response. A few of the most common ones are the kill chain and diamond models, but the one used most often is based on National Institute of Standards and Technology (NIST) SP 800-61 revision 2.

EXAM TIP Although you don’t necessarily need to be familiar with ...

Get GCIH GIAC Certified Incident Handler All-in-One Exam Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

GCIH GIAC Certified Incident Handler All-in-One Exam Guide by Nick Mitropoulos

CHAPTER 2

Intrusion Analysis and Incident Handling

Incident Handling Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly