Appropriate Response: More Questions Than Answers

by Chris Loomis Sept. 1, 2017 via Symantec

So, just how far should security administrators go to protect their systems? What is an appropriate response to a detected security incident? Ask ten security professionals that question and you will most likely get ten different answers. Ask them more specific questions – such as, how do you handle active intrusions? Denial of service attacks? Probes? - and eventually you will be able to piece together their response set, a collection of reactions tailored to particular attacks or threats.

https://www.symantec.com/connect/articles/appropriate-response-more-questions-answers