From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response
Escalation and notification
- [Instructor] When security professionals detect a potential incident, they should immediately swing into first-responder mode, acting to isolate affected systems and contain the damage caused by the incident. As soon as they've handled the immediate emergency, they may then move into the escalation and notification process. This process has several important objectives. First, it evaluates the severity of the incident based upon its potential impact on the organization. Second, it escalates the incident to an appropriate level of incident response. And finally, it notifies management and other stakeholders of the incident and the path to resolution. After containing an incident, responders should begin a triaging process to identify the potential impact of that incident. The process for rating incident severity should be found in the organization's incident response procedures. One common scheme uses a three-tiered scale of…
Contents
- Build an incident response program (4m 13s)
- Creating an incident response team (2m 15s)
- Incident communications plan (2m 42s)
- Incident identification (4m 26s)
- Escalation and notification (2m 29s)
- Mitigation (2m 22s)
- Containment techniques (3m)
- Incident eradication and recovery (5m 28s)
- Validation (2m 24s)
- Post-incident activities (3m 50s)
- Incident response exercises (1m 37s)