Incident Response

The preparation phase is about ensuring you have the appropriate (response plans, policies, call trees, and other documents in place and that you have identified the members of your incident response team including external entities.

In the identification phase, you need to work out whether you are dealing with an event or an incident. This is where understanding your environment is critical as it means looking for significant deviations from “normal” traffic baselines or other methods.

Crafting experiences that your users adore. We are committed to get more business.

Double says that as you head into the containment stage you will want to work with the business to limit the damage caused to systems and prevent any further damage from occurring. This includes short and long-term containment activities.

During the fourth stage, the emphasis is on ensuring you have a clean system ready to restore. This may be a complete reimage of a system or a restore from a known good backup.

At this point, it’s time to determine when to bring the system back into production and how long we monitor the system for any signs of abnormal activity.

This final stage is often skipped as the business moves back into normal operations but it’s critical to look back and heed the lessons learned. These lessons will allow you to incorporate additional activities and knowledge back into your incident response process to produce better future outcomes and additional defenses.