From the course: CISSP Cert Prep (2021): 7 Security Operations
Incident eradication and recovery
- [Instructor] Once you've successfully contained a security incident, you can take a moment to breathe a sigh of relief, but the work of incident response has only just begun. You've managed to contain the damage caused by the incident, but now you must move on to the eradication and recovery stages of the process. Your goal during eradication is to remove any traces of the incident from your systems and networks. If attackers compromised user accounts, you'll need to secure those accounts. If they compromised systems or network devices, you'll need to secure those configurations as well. Basically, you need to go through your network and remove any traces of the security incident so that you can be certain that you've effectively secured your organization. The second goal you have during this stage of the process is recovery. This means that you need to restore normal business operations. Now, while the process describes…
Contents
- Build an incident response program (4m 13s)
- Creating an incident response team (2m 15s)
- Incident communications plan (2m 42s)
- Incident identification (4m 26s)
- Escalation and notification (2m 29s)
- Mitigation (2m 22s)
- Containment techniques (3m)
- Incident eradication and recovery (5m 28s)
- Validation (2m 24s)
- Post-incident activities (3m 50s)
- Incident response exercises (1m 37s)