From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response
Post-incident activities
- [Instructor] Once the incident response team returns the organization to a normal operating state, avoid the temptation to end the response effort without completing an important final step: post-incident activities. Let's talk about three important post-incident activities: the lessons learned process, evidence retention, and the generation of indicators of compromise. The lessons learned process is designed to provide everyone involved in the incident response effort an opportunity to reflect on their individual role in the incident and the team's response overall. The lessons learned process provides an opportunity to improve the processes and technologies used in incident response to better respond to future security crises. And the most common way to conduct a lessons learned session is to gather everyone in the same room, or connect them by video conference or telephone, and ask a trained facilitator to lead a…