Advanced Persistent Security by Araceli Treu Gomes, Ira Winkler

Chapter 18

Incident Response and Investigations

Abstract

Once an attack begins, an alert eventually fires and kicks off investigation and response activities. Incident response (IR) then moves through several phases intended to counter the attack on the organization. The order of operations associated with IR, from identification of the problem to ongoing resolution, can be defined like many other 12-step programs designed to guide behaviors, control compulsions, and otherwise recover from destructive circumstances. The 12 steps are detailed in this chapter.

Keywords

12-Step program; Incident response; Malware; Order of operations; Response readiness

Incident Response is Complicated

Although the section title sounds both basic and obvious, ...
