Analyzing a Security Incident
Once an incident has been identified—regardless of who identifies it—the information must be communicated to the incident response team. Following that communication, a number of steps must be taken by the response team. The individual steps taken will differ depending on the specifics of the incident. Possible steps include these:
- Determine the cause.
- Prevent further exploitation of the attack vector.
- Avoid attack escalation and further incidents.
- Restore the computers’ services.
- Assess the impact and damage of the incident.
- Update policies and procedures as needed, based on the lessons learned from the security incident.
Find out who launched the attack (if appropriate and possible) and take business-appropriate ...
Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.