From the course: ISC2 Systems Security Certified Practitioner (SSCP) (2024) Cert Prep
Containment techniques
- [Narrator] The first minutes and hours of a cybersecurity incident are an incredibly stressful time. You've conducted some initial analysis and you've determined that an incident is taking place, and you know that there is an intruder active in your network. You've been compromised and the next steps that you take will play a significant role in the outcome of the incident. In the NIST incident handling process you've moved from the detection and analysis phase into the containment, eradication and recovery phase. If you've done your work well in the preparation phase this is where it all pays off. The biggest difference between the earlier phases and this phase is that you've shifted from the passive activities of detection and analysis into an active phase where you're taking actions in response to the incident. Now as we've discussed, your first priority should be containing the damage caused by the incident. You want…
Contents
- (Locked) Build an incident response program (4m 13s)
- (Locked) Creating an incident response team (2m 34s)
- (Locked) Incident communications plan (2m 44s)
- (Locked) Incident detection (4m 30s)
- (Locked) Escalation and notification (2m 30s)
- (Locked) Mitigation (2m 25s)
- (Locked) Containment techniques (3m)
- (Locked) Incident eradication and recovery (5m 37s)
- (Locked) Validation (2m 24s)
- (Locked) Post-incident activities (4m 16s)
- (Locked) Incident response exercises (1m 59s)