OPERATIONS MANUAL Stage One: Active Detection Phase

by Hal Flynn
Sept. 17, 2017 1 comment Symantec Detection & Response

The IPC acts as a Point of Contact for security reporting and assistance. If someone detects some unusual or suspicious event related to the organisation's networks, computers or information, they can relay the details of the incident to the IPC for investigation. The results of the investigation will be provided back to the originator and, in most cases, will be posted to the IPC's intranet web site. It is often difficult to determine if the unusual or suspicious event is symptomatic of an incident because apparent evidence of security incidents often indicates a problem with system configuration, untested application program, hardware failure, or frequently user errors. Typical indications of security incidents include any or all of the following:ts


2flash 7 months, 1 week ago

You can easily see by just reading the description that some serious documentation was done here....