From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
Validation
- [Instructor] Eradication and recovery processes are complex, and may require different activities depending upon the nature of the compromise. Therefore, it's very important that you validate your work before declaring an incident resolved. Validation is the final activity that you should undertake during the containment, eradication and recovery phase of incident response. You should do this before moving on to post-incident activities. Let's take a look at the activities that should take place during validation. First, check the security of every system on your network, with a particular focus on those that were involved in the compromise. Now, that might sound like a tremendous amount of work. But you can automate this step with the help of configuration management tools. You'll want to pay particular attention to ensuring that all of your systems are patched with current security updates and they're protected against…