Incident Response Plan
1) Preparation
The planning: define everyone's roles and responsibilities. Ensure your employees are properly trained. The plan must be tested; do mock scenarios.
6) Documentation
Analyze and document everything about the breach.
3) Containment
Contain the breach to stop further damage. Do we have to segregate the network? Shut down the system? Turn off a service?
What are the steps to an incident response process?
Preparation, reporting, identification, containment, eradication, recovery, and documentation
2) Identification
What has been breached? What have the users reported? Check monitoring tools, watch alerts and logs, assess the impact, and define who is involved.
4) Eradication
Eliminate it! Remove malware and close off vulnerabilities. Systems should be hardened and patched, with updates applied.
5) Recovery
Restoring and returning the systems that were affected.