Differences

This shows you the differences between two versions of the page.

--- incident_response [2026/06/02 13:07] – created reidjs
+++ incident_response [2026/06/09 16:50] (current) – reidjs
@@ Line 1: / Line 1: @@
 ====== Incident Response ======
 Six steps
-. prepare
+  - 1. prepare: establish a formal incident response plan
-. identify
+  - 2. identify: monitor network and system events, correlate alerts, and detect anaomalous behavior to confirm if a security incident has occurred
-. contain
+  - 3. contain: isolate compromised systems to stop the attack from spreading
-. eradicate
+  - 4. eradicate: remove the threat and eradicate the attacker's foothold, patch vulns that allowed the breach to happen
-. recovery
+  - 5. recovery: restore clean sytems to production, verify they are operating normally, resume standard business practices
-. lessons learned
+  - 6. lessons learned: analyze the incident to understand how the attacker got in