A Six-Stage Methodology for Incident Response

Now that the reasons for following an incident response methodology are clear, it is time to become acquainted with the methodology advocated in this chapter. The particular methodology presented here is by no means the only one that has ever been invented, but it is certainly the oldest[1] and most time-honored methodology in the incident response arena. It consists of six stages: preparation, detection, containment, eradication, recovery, and follow-up. (The acronym PDCERF is formed from the first letters of all six stages; see Figure 3.1.) The next sections cover each of these stages in detail.

[1] The six-step methodology presented in this part of the book was created at the Invitational Workshop on ...
