Incident Response
  Response
    Activate a CSIRT team
    Protect and collect evidence
    DO NOT TURN OFF ANYTHING
  Reporting
    Report to upper management
    Report to legal
    Report to affected individuals
  Recovery
    Recover the system
    Restoring data
    Restoring configuration
  Remediation
    Root cause analysis
    How to prevent the incident from happening again
    Patches
  Detection
    Alerts
    Identify false or true positive
    Detection by users
  Mitigation
    Containment (isolation/disabling NIC)
    Monitor attacker's activity
  Lessons Learned
    Assessing the quality of previous response steps
    Looking for improvement