Chapter 30. Planning for Incident Response
In this chapter:
Creating an Incident Response Team
Defining Incident Response Policy
Creating a Communications Plan
Best Practices
Additional Information
Even if your network has solid protections in place, a determined attacker will almost certainly be able to penetrate your defenses at some point in time. Without a solid knowledge of what is normal, it can be very difficult to detect attackers. In addition to understanding the baseline of your network and its “normal” behavior, monitoring audits and other logs to detect anomalous behavior, and maintaining an inquisitive skepticism, you must have a framework to respond to security incidents. In this chapter, we look at the planning that ...
Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.