From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response

Unlock the full course today

Join today to access over 22,400 courses taught by industry experts or purchase this course individually.

Incident identification

Incident identification

From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response

Start my 1-month free trial

Incident identification

- [Instructor] Once you have an incident response plan in place and a team prepared, the incident response process then enters a state of perpetual monitoring, watching for signs that an incident is taking place or has already occurred. There are many different ways that an organization might identify a security incident. The key to successful incident identification is having a robust security monitoring infrastructure. Data is crucial to incident detection, and organizations have a responsibility to collect, analyze, and retain security information. There are many different information sources that may contribute data crucial to identifying and analyzing a possible security incident. These include intrusion detection and prevention systems, firewalls, authentication systems, system integrity monitors, vulnerability scanners, system event logs, NetFlow connection records, and anti-malware packages, among many other…

Contents