The IT Law Wiki

Incident response process


Definition

The incident response process has four phases: preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity. Preparation includes building malware-related skills, improving communications, and acquiring the necessary tools and resources. Detection and analysis involves analyzing incidents, validating that malware is in fact the cause, identifying which hosts are involved, and prioritizing incident handling. Containment stops the spread of malware and prevents further damage; eradication removes malware from infected hosts; and recovery restores normal functionality and lifts the containment measures. Finally, post-incident activity consists of a comprehensive assessment of lessons learned.[1]
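The detection-and-analysis and containment steps above can be made concrete with a small triage routine. The following is an added example, not text or code from the ITL bulletin or from the wiki: it reads constructed detector alerts (the log lines, host names, indicators and the asset-criticality weights are all invented for illustration), treats a host as a validated malware infection only when some detector returned a confirmed verdict, ranks validated hosts for containment by asset criticality and by evidence of spread (the same indicator confirmed on more than one host), and leaves heuristic-only hits in an "under analysis" queue rather than isolating them.

```python
"""Toy malware incident triage: validate, identify hosts, prioritize containment.

Added example for the process described above; not from NIST/ITL or the wiki.
All alert lines, host names, indicators and weights below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed alert feed, one per line: "timestamp host detector verdict indicator"
SAMPLE_ALERTS = """\
2013-09-02T10:01:12Z ws-101 av  confirmed  sha256:aa11
2013-09-02T10:01:40Z ws-101 edr suspicious proc:powershell-encoded
2013-09-02T10:03:05Z db-01  av  confirmed  sha256:aa11
2013-09-02T10:04:18Z ws-207 edr suspicious proc:rundll32-unsigned
2013-09-02T10:05:00Z ws-101 ids confirmed  c2:203.0.113.7
2013-09-02T10:06:30Z db-01  ids confirmed  c2:203.0.113.7
2013-09-02T10:07:10Z ws-309 av  heuristic  sha256:bb22
"""

# Constructed asset inventory: higher weight = more critical (assumption).
ASSET_CRITICALITY = {"db-01": 3, "ws-101": 1, "ws-207": 1, "ws-309": 1}


@dataclass
class HostFinding:
    host: str
    confirmed: set = field(default_factory=set)    # indicators with a confirmed verdict
    unconfirmed: set = field(default_factory=set)  # heuristic / suspicious only


def parse_alerts(text):
    """Split whitespace-delimited alert lines into 5-tuples; skip blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, detector, verdict, indicator = line.split()
        records.append((ts, host, detector, verdict, indicator))
    return records


def analyze(records):
    """Detection and analysis: group alerts by host and validate the malware cause.

    A host is validated when at least one detector reported 'confirmed';
    suspicious/heuristic hits are kept for analysts but do not by themselves
    trigger containment.
    """
    findings = {}
    for _ts, host, _detector, verdict, indicator in records:
        f = findings.setdefault(host, HostFinding(host))
        (f.confirmed if verdict == "confirmed" else f.unconfirmed).add(indicator)
    return findings


def prioritize(findings, criticality):
    """Rank validated hosts for containment, highest priority first.

    score = criticality * distinct confirmed indicators
            + number of those indicators also confirmed on another host (spread)
    Ties are broken by host name so the order is deterministic.
    """
    seen_on = defaultdict(set)  # indicator -> hosts where it was confirmed
    for f in findings.values():
        for ind in f.confirmed:
            seen_on[ind].add(f.host)

    ranked = []
    for f in findings.values():
        if not f.confirmed:
            continue  # not validated: stays in analysis, not containment
        spread = sum(1 for ind in f.confirmed if len(seen_on[ind]) > 1)
        score = criticality.get(f.host, 1) * len(f.confirmed) + spread
        ranked.append((score, f.host))
    ranked.sort(key=lambda t: (-t[0], t[1]))
    return [host for _score, host in ranked]


def containment_plan(findings, criticality):
    """Return (ordered containment actions, hosts still under analysis)."""
    actions = [f"isolate {h} from network" for h in prioritize(findings, criticality)]
    pending = sorted(h for h, f in findings.items() if not f.confirmed)
    return actions, pending


def run(text=SAMPLE_ALERTS, criticality=ASSET_CRITICALITY):
    return containment_plan(analyze(parse_alerts(text)), criticality)


if __name__ == "__main__":
    actions, pending = run()
    print("Containment order:")
    for a in actions:
        print("  ", a)
    print("Still under analysis:", pending)
```

On the constructed feed the database server ranks above the workstation even though both carry the same two confirmed indicators, because criticality weights the score, and the two hosts with only suspicious or heuristic hits are queued for further analysis instead of being isolated. The scoring weights are arbitrary placeholders; a real program would take them from the organization's asset inventory and incident-prioritization policy.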

References

  1. Information Technology Laboratory, "ITL Publishes Guidance on Preventing and Handling Malware Incidents" 2 (Sept. 2013).
