O'Reilly logo

Incident Response & Computer Forensics, 2nd Ed. by Chris Prosise, Kevin Mandia

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CHAPTER 4
After Detection of an Incident
 
This chapter discusses the immediate actions you need to initiate after your organization detects or suspects a computer security incident has occurred. It discusses the different response strategies you might consider, based on the results of your Initial Response.
During the initial response phase, you need to take the least intrusive investigative steps, while coordinating and assembling your CSIRT. This is the phase that bridges troubleshooting of a “computer glitch” to the awareness that the computer glitch may actually be a computer security incident.
Following the initial response phase is the formulate response strategy phase. You may continually revise your response strategy based on the ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required