Handling Incident Response
You learned earlier in this chapter that there are six steps to responding to a security incident. These steps are not purely linear. You may repeat some steps several times while responding to incidents. Each step is important because it isolates a specific area of concentration that you must address to respond well to any incident.
For simple incidents, several steps may be combined or are trivial. Regardless of an incident’s simplicity, however, each step is important. A solid incident response plan ensures a CSIRT will address each step for all types of incidents.
Preparation
The first step in a proper incident response is to prepare for the incident. In other words, get ready for incidents before they occur. ...
Get Security Strategies in Windows Platforms and Applications, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.