Incident response

Incident response is a set of steps that are used to handle the aftermath of a data breach or cyberattack

Steps

Preparation

This step determines how the origination will respond in case a data breach or cyberattack occurs (It's established before the incident)

List of assets (Risk assessment)
Communication
Documentation
Training
IR plan

Identification

Determinate whether a data breach or cyberattack happened or not

Containment

Once an incident is identified, then affected assets are isolated

Short-term
Long-Term

Eradication

Eliminate the cause of the data breach or cyberattack

Recovery

Bring the affected assets back to production and monitor them to ensure everything is back to normal

Lessons Learned

Finish up documentation and answer some follow-up questions regarding how to improve the current process

ID

51a6dc04-1550-4e08-a1e9-f4e909959b4f

References

https://en.wikipedia.org/wiki/Computer_security_incident_management
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf
https://www.cisa.gov/cyber-incident-response

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Incident response

Steps

Preparation

Identification

Containment

Eradication

Recovery

Lessons Learned

ID

References

Files

README.md

Latest commit

History

README.md

File metadata and controls

Incident response

Steps

Preparation

Identification

Containment

Eradication

Recovery

Lessons Learned

ID

References