With the incident contained, you still aren't done. Three more actions must follow: root-cause analysis, a lessons-learned process, and an after-action report.
- [Instructor] So after the incident response team has conducted their assessment, performed their actions, and worked with the system administrators to correct the incident, the organization is still not fully done with this incident. Instead, there are three more things that have to be completed: the root cause analysis, the lessons learned process, and the after-action report. The root cause analysis is a systematic process to identify the initial source of the incident and how to prevent it from occurring again. This analysis usually occurs using a four-step process.

First, you define and scope the incident. Second, you determine the causal relationships that led to the incident. Third, you identify an effective solution. And fourth, you implement and track the solutions to ensure the incident is fully resolved. So, let's consider the example of a malware infection in your organization. First, you'd want to determine the initial cause of the incident. Maybe it was caused by malware being introduced to your network by a user plugging in a thumb drive…
Released 8/27/2018
- Security assessments
- Audits
- Code reviews
- Assessment tools: Scanners, enumerators, exploitation tools, and more
- Incident response
- Incident response tools: Disk imaging, packet capture, memory forensics, and more
Skill Level Advanced
Related Courses
- CASP+ Cert Prep: 1 Risk Management with Jason Dion (2h 34m, Advanced)
Introduction
- What you should know (1m 18s)
- About the exam (1m 42s)
1. Security Assessments
- Vulnerability assessments (4m 20s)
- Malware analysis (2m 21s)
- Penetration testing (2m 26s)
- Internal vs. external audits (1m 37s)
- Code reviews (2m 38s)
2. Tools Used in Security Assessments
- Port scanners (1m 36s)
- Vulnerability scanners (1m 14s)
- Protocol analyzers (1m 26s)
- Network enumerator (1m 52s)
- Password crackers (1m 23s)
- Fuzzer (1m 9s)
- HTTP interceptor (1m 6s)
- Visualization tools (1m 43s)
- Command line tools (1m 20s)
- Physical security tools (1m 38s)
3. Incident Response
- E-discovery (1m 43s)
- Data retention policies (1m 55s)
- Data recovery and storage (1m 34s)
- Data ownership (2m 44s)
- Data handling (2m 41s)
- Legal holds (1m 27s)
- Data breach (4m 59s)
- Chain of custody (4m 3s)
- Forensic analysis (2m 5s)
- Order of volatility (1m 33s)
- Severity of the incident (3m 1s)
- Incident response team (1m 57s)
- Post-incident response (3m 5s)
4. Tools Used in Incident Response and Recovery
- Disk imaging (2m 18s)
- nbtstat and netstat (1m 12s)
- Netcat (1m 2s)
- Memory forensics (1m 14s)
- File carving (1m 12s)
- FTK and EnCase (1m 12s)
Conclusion
- Next steps (2m 30s)
Video: Post-incident response