====== Incident Response ======

Six steps:

  - prepare: establish a formal incident response plan
  - identify: monitor network and system events, correlate alerts, and detect anomalous behavior to confirm whether a security incident has occurred
  - contain: isolate compromised systems to stop the attack from spreading
  - eradicate: remove the threat and the attacker's foothold, patch the vulnerabilities that allowed the breach to happen
  - recovery: restore clean systems to production, verify they are operating normally, resume standard business practices
  - lessons learned: analyze the incident to understand how the attacker got in
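An added example of the identify step (not part of the original wiki page, and not any particular tool's code): a small correlation routine that reads constructed sshd-style authentication log lines, groups failed logins per source address inside a time window, and reports a confirmed incident when a burst of failures is followed by a successful login from the same source. The log format, the failure threshold of four, and the two-minute window are assumptions chosen for the example; the sources it returns are the candidates the contain step would isolate.

```python
"""Alert correlation for the 'identify' step of incident response.

Added example, not from the original page.  The log format, threshold
and window below are assumptions, and the log lines are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log lines (syslog-like; not from any real system).
SAMPLE_LOG = """\
2024-01-15T10:00:01 sshd: Failed password for root from 203.0.113.7
2024-01-15T10:00:03 sshd: Failed password for root from 203.0.113.7
2024-01-15T10:00:05 sshd: Failed password for admin from 203.0.113.7
2024-01-15T10:00:06 sshd: Failed password for admin from 203.0.113.7
2024-01-15T10:00:08 sshd: Accepted password for admin from 203.0.113.7
2024-01-15T10:05:00 sshd: Failed password for alice from 198.51.100.2
2024-01-15T10:30:00 sshd: Accepted password for alice from 198.51.100.2
"""

# Assumed line layout: "<iso timestamp> sshd: <Failed|Accepted> password for <user> from <src>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse_events(text):
    """Turn raw log text into a list of event dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def correlate(events, failure_threshold=4, window=timedelta(minutes=2)):
    """Return {src: info} for sources where at least `failure_threshold`
    failures occurred within `window` and a successful login from the same
    source then arrived inside that window (brute-force-then-success)."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    incidents = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        recent_failures = []
        for ev in evs:
            # Forget failures that fall outside the sliding window.
            recent_failures = [f for f in recent_failures if ev["ts"] - f["ts"] <= window]
            if ev["result"] == "Failed":
                recent_failures.append(ev)
            elif len(recent_failures) >= failure_threshold:
                incidents[src] = {
                    "failures": len(recent_failures),
                    "user": ev["user"],
                    "at": ev["ts"],
                }
    return incidents


if __name__ == "__main__":
    for src, info in correlate(parse_events(SAMPLE_LOG)).items():
        print(f"confirmed incident: {src} logged in as {info['user']} "
              f"after {info['failures']} failures at {info['at'].isoformat()}")
```

On the constructed input only 203.0.113.7 is reported: four failures in seven seconds followed by a success. The single failure from 198.51.100.2 expires from the window long before its later successful login, so it is left as an ordinary mistyped password rather than escalated to an incident.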