Implementing Countermeasures to a Security Incident

Once the cause of the incident has been identified, you should close off every entry vector the attacker used. In essence, you have identified a specific threat through risk analysis, and you should now mitigate that risk. This simple description applies regardless of whether the threat is a denial-of-service condition, a malicious attacker who has installed Trojan horse applications on a server, a curious employee viewing files to which he should not have access, or any of the myriad other security risks networks face today. Although the response will differ depending on the threat, the goal is the same: eliminate the risk and return to normal operations.

When implementing countermeasures ...
