From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
Incident eradication and recovery
- [Instructor] Once you've successfully contained the security incident, you can take a moment to breathe a sigh of relief, but the work of incident response has only just begun. You've managed to contain the damage caused by the incident, but now you must move on to the eradication and recovery stages of the process. Your goal during eradication is to remove any traces of the incident from your systems and networks. If attackers compromised user accounts, you'll need to secure those accounts. If they compromised systems or network devices, you'll need to secure those configurations as well. Basically, you need to go through your network and remove any traces of the security incident so that you can be certain that you've effectively secured your organization. The second goal you have during this stage of the process is recovery. That means that you need to restore normal business operations. While the process describes…