Join Mike Chapple for an in-depth discussion in this video, Building an incident response team, part of SSCP Cert Prep: 4 Incident Response and Recovery.
- [Instructor] Eradication and recovery processes are complex and they require different activities depending upon the nature of the compromise. Therefore it's very important that you validate your work before declaring an incident resolved. Validation is the final activity that you should undertake during the containment, eradication, and recovery phase, and you should do this before moving on to post-incident activities. When you're conducting a validation, make sure that you check the security of every system on your network, with a particular focus on those that were involved in the compromise.
Now that might sound like a tremendous amount of work, but you can automate this with the help of configuration management tools. You'll want to pay particular attention to ensuring that all of your systems are patched with current security updates and they're protected against known vulnerabilities. In addition to validating system configurations with a configuration management tool, you should also use vulnerability scanners…
- Building an incident response program
- Escalation and notification
- eDiscovery process
- Conducting investigations
- System and file forensics
- Reporting and documenting incidents
- Business continuity planning
- Validating backups
- Testing BC/DR plans
Skill Level: Intermediate
Q: This course was updated on 06/01/2018. What changed?
A: We updated three videos, covering creating an incident response program, communications plan, and response team.
1. Incident Management
2. Investigations and Forensics
3. Business Continuity
4. Disaster Recovery