From the course: ISC2 Systems Security Certified Practitioner (SSCP) (2024) Cert Prep

Unlock this course with a free trial

Join today to access over 24,900 courses taught by industry experts.

Incident eradication and recovery

Incident eradication and recovery

From the course: ISC2 Systems Security Certified Practitioner (SSCP) (2024) Cert Prep

Start my 1-month free trial Buy for my team

Incident eradication and recovery

- [Instructor] Once you've successfully contained a security incident, you can take a moment to breathe a sigh of relief, but the work of incident response has only just begun. You've managed to contain the damage caused by the incident, but now you must move on to the eradication and recovery stages of the process. Your goal during eradication is to remove any traces of the incident from your systems and networks. If attackers compromised user accounts, you'll need to secure those accounts. If they compromise systems or network devices, you'll need to secure those configurations as well. Basically, you need to go through your network, and remove any traces of the security incident, so that you can be certain that you've effectively secured your organization. The second goal you have during this stage of the process is recovery. This means that you need to restore normal business operations. Now, while the process…

Contents