From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
Incident identification
- [Instructor] Once you have an incident response plan in place and a team prepared, the incident response process then enters a state of perpetual monitoring, watching for signs that an incident is taking place or has already occurred. There are many different ways that an organization might identify a security incident. The key to successful incident identification is having a robust security monitoring infrastructure. Data is crucial to incident detection, and organizations have a responsibility to collect, analyze, and retain security information. There are many different information sources that may contribute data crucial to identifying and analyzing a possible security incident. These include intrusion detection and prevention systems, firewalls, authentication systems, system integrity monitors, vulnerability scanners, system event logs, NetFlow connection records, and anti-malware packages, among many other…
Contents

- Build an incident response program (4m 33s)
- Creating an incident response team (2m 25s)
- Incident communications plan (2m 51s)
- Incident identification (3m 50s)
- Escalation and notification (2m 42s)
- Mitigation (2m 46s)
- Containment techniques (3m 21s)
- Incident eradication and recovery (4m 38s)
- Validation (2m 40s)
- Post-incident activities (4m 2s)