Incident Response Phases – Lessons Learned

Lessons Learned is the final phase of the incident response cycle. This is where you identify the root cause of the incident and any problems or issues you faced with the response. Your findings should always feed back into the planning phase. This keeps the cycle working and improving.

Incident Response Phases – Recovery

Recovery is the fifth phase of the incident response cycle. This is the time to bring your services back online and restore normal business operations. Just make sure you do it in a secure manner.

Incident Response Phases – Eradication

Eradication is the fourth phase of the incident response cycle. This is the implementation of more permanent measures to get the attacker out of the network and keep them out.

Incident Response Phases – Containment

Containment is the third phase of the IR Cycle. You investigate what happened and implement measures to stop the attack spreading or doing more harm than you are prepared to accept.

Incident Response Phases – Identification

Identification is the second phase of the IR Cycle. This is where you determine if an incident has happened, what type of incident it is, and how important it is to your business.

Incident Response Phases – Preparation

Preparation is the first phase of the IR Cycle. Doing well here is the difference between good incident response and dealing with a breach or crisis.

Incident Response – Process Matters

Breaches are pretty much inevitable. Having good incident response processes can be the difference between it being painful and it being catastrophic to your organisation.