From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
Containment techniques
- [Instructor] The first minutes and hours of a cybersecurity incident are an incredibly stressful time. You've conducted some initial analysis and determined that an incident is taking place and you know that there is an intruder active in your network. You've been compromised, and the next steps that you take will play a significant role in the outcome of the incident. In the NIST incident handling process you've moved from the detection and analysis phase into the containment, eradication, and recovery phase. If you've done your work well in the preparation phase this is where it all pays off. The biggest difference between the earlier phases and this phase is that you've shifted from the passive activities of detection and analysis into an active phase where you're taking actions in response to the incident. Your first priority should be containing the damage caused by the incident. You want to limit the future…
Contents
- Build an incident response program (4m 33s)
- Creating an incident response team (2m 25s)
- Incident communications plan (2m 51s)
- Incident identification (3m 50s)
- Escalation and notification (2m 42s)
- Mitigation (2m 46s)
- Containment techniques (3m 21s)
- Incident eradication and recovery (4m 38s)
- Validation (2m 40s)
- Post-incident activities (4m 2s)