There are several phases of the incident response process. They are:
- Establishment and training of the incident response team
- Acquisition of necessary tools and resources
- Selection and implementation of controls
- Detection of security breaches
- Analysis of impacts and reach
- Containment, Eradication, and Recovery
  - Containment of incidents
  - Mitigation of incident impacts
  - Eradication of incident cause
  - Recovery from incidents
- Incident reports:
  - Cause
  - Cost
  - Future incident prevention steps
"Acquire tools and resources that may be of value during incident handling." [38]
"Prevent incidents from occurring by ensuring that networks, systems, and applications are sufficiently secure." [38]
"Identify precursors and indicators through alerts generated by several types of security software." [38]
"Establish mechanisms for outside parties to report incidents." [38]
"Require a baseline level of logging and auditing on all systems, and a higher baseline level on all critical systems." [38]
"Understand the normal behaviors of networks, systems, and applications." [38]
"Start recording all information as soon as the team suspects that an incident has occurred." [38]
"Prioritize handling of the incidents based on the relevant factors." [38]
"Include provisions regarding incident reporting in the organization’s incident response policy." [38]
"Establish strategies and procedures for containing incidents." [38]
"Follow established procedures for evidence gathering and handling." [38]
"Obtain system snapshots through full forensic disk images, not file system backups." [38]
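The last three recommendations (record information as soon as an incident is suspected, follow evidence-handling procedures, and work from full forensic images) come down in practice to keeping a tamper-evident chain-of-custody record for each piece of evidence. The following is an added example and is not code from [38] or from any tool it names; it assumes (as constructed conventions for this illustration) that evidence is a file such as a disk image, that the custody log is an append-only JSON Lines file, and that SHA-256 is the integrity hash. The names `CustodyLog`, `CustodyEntry` and the sample image contents are this example's own.

```python
"""Chain-of-custody record keeping for forensic evidence (added example).

Assumptions, constructed for illustration: evidence is a file on disk, the
custody log is an append-only JSON Lines file, and SHA-256 is the integrity
hash. CustodyLog / CustodyEntry are this example's own names.
"""
import hashlib
import json
import os
import tempfile
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # hash large images in 1 MiB chunks


def sha256_file(path):
    """Stream a file through SHA-256 so multi-GB images fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass
class CustodyEntry:
    evidence_id: str
    action: str       # e.g. "acquired", "transferred", "verified"
    handler: str      # who had the evidence at this point
    timestamp: str    # ISO-8601 UTC, recorded at the moment of the action
    sha256: str       # hash of the evidence at the moment of the action
    note: str = ""


class CustodyLog:
    """Append-only log: every handling step is written, never rewritten."""

    def __init__(self, path):
        self.path = path

    def record(self, evidence_id, action, handler, evidence_path, note=""):
        entry = CustodyEntry(
            evidence_id, action, handler,
            datetime.now(timezone.utc).isoformat(),
            sha256_file(evidence_path), note,
        )
        with open(self.path, "a", encoding="utf-8") as f:
            f.write(json.dumps(asdict(entry)) + "\n")
        return entry

    def entries(self, evidence_id=None):
        if not os.path.exists(self.path):
            return []
        out = []
        with open(self.path, encoding="utf-8") as f:
            for line in f:
                e = CustodyEntry(**json.loads(line))
                if evidence_id is None or e.evidence_id == evidence_id:
                    out.append(e)
        return out

    def verify(self, evidence_id, evidence_path):
        """Compare the hash recorded at acquisition with the file's current hash.
        Returns (ok, recorded_hash, current_hash)."""
        history = self.entries(evidence_id)
        if not history:
            raise KeyError(f"no custody entries for {evidence_id}")
        recorded = history[0].sha256
        current = sha256_file(evidence_path)
        return recorded == current, recorded, current


def demo():
    """Acquire a constructed sample image, hand it over, then detect tampering."""
    tmp = tempfile.mkdtemp()
    image = os.path.join(tmp, "host01-sda.dd")  # constructed sample, not a real image
    with open(image, "wb") as f:
        f.write(b"\x00" * 4096 + b"CONSTRUCTED SAMPLE IMAGE")
    log = CustodyLog(os.path.join(tmp, "custody.jsonl"))
    log.record("EV-0001", "acquired", "analyst-a", image, "full disk image of host01")
    log.record("EV-0001", "transferred", "analyst-b", image, "handed to lab")
    ok_before, _, _ = log.verify("EV-0001", image)
    with open(image, "ab") as f:   # simulate an unauthorised modification
        f.write(b"x")
    ok_after, _, _ = log.verify("EV-0001", image)
    return ok_before, ok_after, len(log.entries("EV-0001"))


if __name__ == "__main__":
    print(demo())  # (True, False, 2)
```

The point of hashing at every handling step, not just at acquisition, is that a later mismatch can be localised to the handler and time window in which it occurred; the log itself should live on media the investigation team controls so the record cannot be edited alongside the evidence.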