The Training Course Overview
The Incident Response Plan serves as a roadmap for what to do when responding to a security incident, to ensure you have a strategic response rather than a reactive one.
Prepare your incident response plan
- Back-up data and make sure you can re-install from the back-ups.
- Make sure everyone knows how to report a possible incident.
- Find good technical external incident response support.
Respond to an incident
- Isolate the problem – immediately get the device off the network
- Identify the type of incident and take the following action:
- Determine the scope of the incident Is it still ongoing?
- Determine if it can be properly controlled.
- Keep checking for the problem to return.
Recover after the crisis is over
- Notify all affected parties
- Re-set the user ID and password of the compromised device
- Patch all of the devices
- Reinstall software and data from back-ups as needed
- Incident Response Checklist