Lessons Learned is the final phase of the incident response cycle. This is where you identify the root cause of the incident and any problems or issues you faced with the response. Your findings should always feed back into the planning phase. This keeps the cycle working and improving.
Recovery is the fifth phase of the incident response cycle. This is the time to bring your services back online and restore normal business operations. Just make sure you do it in a secure manner.
Eradication is the fourth phase of the incident response cycle. This is the implementation of more permanent measures to get the attacker out of the network and keep them out.
Containment is the third phase of the IR Cycle. You investigate what happened and implement measures to stop the attack spreading or doing more harm than you are prepared to accept.
Identification is the second phase of the IR Cycle. This is where you determine if an incident has happened, what type of incident and how important it is to your business.
Preparation is the first phase of the IR Cycle. Doing well here is the difference between good incident response and dealing with a breach or crisis.
Breaches are pretty much inevitable. Having good incident response processes can be the difference between it being painful and it being catastrophic to your organisation.
Incident response is often a stressful, high-pressure situation. Responders are desperately trying to claw together information. All around them the world is collapsing. Furthermore, everything important seems to be deleted…
No matter how much expert knowledge you have or how good you think your memory is, using a checklist is simply good security practice.
Lots of articles, blog posts and webcasts talk about threat hunting. Despite this, few, if any, organisations do it. This is a mistake. Security hit the headlines again recently, when…