From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response
Incident identification
- [Narrator] Once you have an incident response plan in place and a team prepared, the incident response process then enters a state of perpetual monitoring, watching for signs that an incident is occurring or has already taken place. There are many different ways that an organization might identify a security incident. The key to successful incident identification is having a robust security monitoring infrastructure. Data is crucial to incident detection, and organizations have a responsibility to collect, analyze, and retain security information. Now, there are many different information sources that may contribute data that's crucial to identifying and analyzing a possible security incident. These include intrusion detection and prevention systems, firewalls, authentication systems, system and file integrity monitoring systems, vulnerability scanners, system event logs, NetFlow connection records, and anti-malware…
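The narration's point is that incident identification rests on pulling data from several independent sources and looking at them together. The following is an added example, not part of the course, of one minimal correlation step over constructed log lines from a few of the sources named above (IDS, firewall, authentication system, NetFlow); the line format and the 10-minute corroboration window are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalised "key=value" format.
# Each line carries the source type and the host it concerns.
SAMPLE_EVENTS = [
    "2024-05-01T10:00:05 ids host=10.0.0.5 sig=ET_SCAN_Nmap",
    "2024-05-01T10:00:40 auth host=10.0.0.5 result=FAIL user=admin",
    "2024-05-01T10:01:10 auth host=10.0.0.5 result=FAIL user=admin",
    "2024-05-01T10:02:00 firewall host=10.0.0.5 action=DENY dport=445",
    "2024-05-01T11:30:00 auth host=10.0.0.9 result=FAIL user=bob",
    "2024-05-01T16:00:00 netflow host=10.0.0.9 bytes_out=120",
    "this line is malformed and must be skipped, not crash the pipeline",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\w+) host=(?P<host>\S+)(?P<rest>.*)$")


def parse_event(line):
    """Normalise one log line into (timestamp, source, host); None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m.group("ts"))
    return ts, m.group("source"), m.group("host")


def identify_candidates(lines, window=timedelta(minutes=10), min_sources=2):
    """Return {host: sorted source names} for hosts that produced signals from
    at least `min_sources` distinct sources within `window` of one another.
    A single source firing on its own is left for routine triage; independent
    corroboration is what promotes a host to an incident candidate."""
    by_host = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev:
            ts, source, host = ev
            by_host[host].append((ts, source))
    candidates = {}
    for host, events in by_host.items():
        events.sort()  # chronological, so later events are at index >= i
        for i, (ts, _) in enumerate(events):
            sources = {s for t, s in events[i:] if t - ts <= window}
            if len(sources) >= min_sources:
                candidates[host] = sorted(sources)
                break
    return candidates
```

Run as written, only 10.0.0.5 is flagged (IDS, auth and firewall all fire within two minutes); 10.0.0.9 shows an auth failure and a NetFlow record hours apart, which a wider window would join but the default does not.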