6

Incident Handling

Having a solid Incident Response (IR) process will enhance the foundation of your security posture. Your incident handling process should dictate how to handle security incidents and respond to them rapidly.

The next step will involve learning how to put all the available tools and talent together to handle an incident. This chapter will go beyond the tools, and you will also learn how to approach an incident, ask the right questions to find the root cause, and narrow down the scope to be able to go from incident red status to green. In the second part of the chapter, we will learn about phishing incident handling as an example. Phishing is still one of the biggest attack vectors for any organization, and it will be useful ...
