From the course: CISSP Cert Prep (2021): 7 Security Operations
Incident identification
- [Narrator] Once you have an incident response plan in place and a team prepared, the incident response process then enters a state of perpetual monitoring, watching for signs that an incident is occurring or has already taken place. There are many different ways that an organization might identify a security incident. The key to successful incident identification is having a robust security monitoring infrastructure. Data is crucial to incident detection, and organizations have a responsibility to collect, analyze, and retain security information. Now, there are many different information sources that may contribute data that's crucial to identifying and analyzing a possible security incident. These include intrusion detection and prevention systems, firewalls, authentication systems, system and file integrity monitoring systems, vulnerability scanners, system event logs, NetFlow connection records, and antimalware packages…
Contents
- Build an incident response program (4m 13s)
- Creating an incident response team (2m 15s)
- Incident communications plan (2m 42s)
- Incident identification (4m 26s)
- Escalation and notification (2m 29s)
- Mitigation (2m 22s)
- Containment techniques (3m)
- Incident eradication and recovery (5m 28s)
- Validation (2m 24s)
- Post-incident activities (3m 50s)
- Incident response exercises (1m 37s)