OPERATIONS MANUAL: Stage 1 - Active: Response Phase

by Hal Flynn
Sept. 17, 2017 1 comment Symantec Detection & Response incident handling

The highest priority task for the IPC is to respond to incidents as they occur. This may involve working with the affected organisation to determine the cause of the incident and help them to become secure again, or it may involve finding a solution to a vulnerability that is actively being exploited to compromise many organisational assets. Reactive response is always done on a priority basis and involves three stages--containment, eradication and recovery-- followed by a post-incident analysis. Whatever is done must be consistent with security policies.


2flash 5 months, 1 week ago

Very balanced! I like how the author is presenting these aspects and they way he created the structure of this article!