CHAPTER 4 Incident Response and Recovery

This chapter focuses your attention on the here and now by applying the kill chain concept operationally. You’ll start by assuming that multiple attacks, each in its own different phase of its own unique kill chain, are happening right now. You’ll also assume that other systems anomalies, which might be accidents or design flaws raising their bad-news heads, are also occurring in the midst of your day-by-day, moment-by-moment watch-standing activities. You’ll make it part of your checklist-driven approach to defending your systems and the information that keeps your organization alive and flourishing. This is all about translating all of the decisions you made during risk management and mitigation ...
