Definition

The incident response process, as described in NIST's guidance on handling malware incidents, has four phases: preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity. Preparation includes building malware-related skills, improving communications, and acquiring the necessary tools and resources. Detection and analysis involves analyzing incidents and validating that malware is the cause, identifying which hosts are involved, and prioritizing incident handling. Containment stops the spread of malware and prevents further damage; eradication removes the malware from infected hosts; and recovery restores normal functionality and removes the containment measures. Finally, post-incident activity consists of a comprehensive assessment of lessons learned.[1]

References

  1. Information Technology Laboratory, "ITL Publishes Guidance on Preventing and Handling Malware Incidents," at 2 (Sept. 2013).
