Handling Incident Response

You learned earlier in this chapter that there are six steps to responding to a security incident. These steps are not purely linear. You may repeat some steps several times while responding to incidents. Each step is important because it isolates a specific area of concentration that you must address to respond well to any incident.

For simple incidents, several steps may be combined or may be trivial. Regardless of an incident’s simplicity, however, each step is important. A solid incident response plan ensures a CSIRT will address each step for all types of incidents.


The first step in a proper incident response is to prepare for the incident. In other words, get ready for incidents before they occur. ...
