Caveats

After reading this chapter, you might be tempted to think that if you use the PDCERF methodology to respond to incidents, things will somehow simply go better. Additionally, you might assume that you will do what is required to address the issues in one stage and then close these issues, moving on to the next.

Unfortunately, the real world does not work this way. Many security-related incidents do not unfold in a serial manner. Just when you think that you have eradicated the cause of an incident, something else might happen that makes you realize that whatever caused the incident has surfaced again. You might have just done your best to contain an incident when another just like it occurs.

Several caveats will help ...
