A process for dealing with security incidents or other negative events.

First Response

  • Securing the area
    • Physically lock down the area
    • Stop all network traffic
  • Determining the scope of the incident
    • Review log files
    • Question users
  • Analyzing the impact the incident may have
  • Copy drives byte-for-byte
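As an added example, not part of the original notes: a shell function for the byte-for-byte copy step, run here against a constructed sample file standing in for a real device (the device name /dev/sdX and the file names are assumptions). It hashes the source before imaging, hashes the image afterwards, keeps a timestamped record of both, and fails if the two do not match.

```shell
#!/bin/sh
# Added example (not from the original notes): image a source device
# byte-for-byte, hash both sides, and keep a timestamped record.
set -eu

# image_drive SOURCE IMAGE LOG -> returns 0 only if image hash == source hash
image_drive() {
    src=$1; img=$2; log=$3
    # Hash the source first so the record predates any copy activity.
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    # noerror: continue past unreadable blocks; sync: zero-pad them so
    # offsets in the image match the source. bs must divide the source
    # size exactly (true for whole devices), otherwise sync pads the tail.
    dd if="$src" of="$img" bs=4096 conv=noerror,sync 2>/dev/null
    chmod 0444 "$img"          # the evidence copy is read-only from here on
    img_hash=$(sha256sum "$img" | cut -d' ' -f1)
    ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    printf '%s source=%s sha256=%s\n' "$ts" "$src" "$src_hash" >> "$log"
    printf '%s image=%s sha256=%s\n'  "$ts" "$img" "$img_hash" >> "$log"
    [ "$src_hash" = "$img_hash" ]
}

# make_sample_device PATH: constructed stand-in for /dev/sdX (assumed name),
# 8 blocks of random data so its size is a whole multiple of bs.
make_sample_device() {
    dd if=/dev/urandom of="$1" bs=4096 count=8 2>/dev/null
}

work=$(mktemp -d)
make_sample_device "$work/disk.raw"
if image_drive "$work/disk.raw" "$work/disk.img" "$work/chain.log"; then
    echo "image verified; hash record in $work/chain.log"
else
    echo "HASH MISMATCH: do not rely on $work/disk.img" >&2
fi
```

On a real case the source would be attached through a hardware write-blocker and the record file kept with the chain-of-custody paperwork.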

Incident Reporting

Inform Management/Law Enforcement

  • Determine whether the incident is low-level, requires escalation, or requires law enforcement

Incident Response Plans

Security Framework

Tools