CHAPTER 4
After Detection of an Incident
 
This chapter discusses the immediate actions you need to initiate after your organization detects or suspects that a computer security incident has occurred. It also discusses the different response strategies you might consider, based on the results of your initial response.
During the initial response phase, you need to take the least intrusive investigative steps while coordinating and assembling your CSIRT. This phase bridges the troubleshooting of a “computer glitch” and the awareness that the glitch may actually be a computer security incident.
Following the initial response phase is the formulate response strategy phase. You may continually revise your response strategy based on the ...

Get Incident Response & Computer Forensics, 2nd Ed., 2nd Edition now with the O’Reilly learning platform.