Post-incident response

With the incident behind you, you still aren't done yet. There are three more actions that must occur, including root-cause analysis, lessons learned, and after-action reporting.

- [Instructor] So after the incident response team…has conducted their assessment, performed their actions,…and worked with the system administrators…to correct the incident,…the organization is still not fully done…with this incident.…Instead, there are three more things…that have to be completed.…The root cause analysis,…the lessons learned process,…and the after-action report.…The root cause analysis is a systematic process…to identify the initial source of the incident…and how to prevent it from occurring again.…This analysis usually occurs using a four-step process.…

First, you define and scope the incident.…Second, you determine the causal relationships…that led to the incident.…Third, you identify an effective solution.…And fourth, you implement and track the solutions…to ensure the incident is fully resolved.…So, let's consider the example…of a malware infection in your organization.…First, you'd want to determine the initial cause…of the incident.…Maybe it was caused by malware being introduced…to your network by a user plugging in a thumb drive…

Resume Transcript Auto-Scroll

Author

Jason Dion

Skill Level Advanced

1h 51m

Duration

18,014

Views

Show More Show Less

Related Courses

Introduction
- Enterprise Security Operations
  1m 49s
- What you should know
  1m 18s
- About the exam
  1m 42s
1. Security Assessments
- What are security assessments?
  1m 40s
- Vulnerability assessments
  4m 20s
- Physical security assessments
  1m 40s
- Malware analysis
  2m 21s
- Penetration testing
  2m 26s
- Penetration testing methods
  3m 8s
- Penetration testing steps: Reconnaissance
  1m 41s
- Penetration testing steps: Fingerprinting
  1m 51s
- Penetration testing steps: Exploitation
  2m
- Penetration testing steps: Pivoting and covering tracks
  1m 59s
- Penetration testing steps: Social engineering
  2m 52s
- Internal vs. external audits
  1m 37s
- Self-assessments: Team exercises
  1m 31s
- Code reviews
  2m 38s
2. Tools Used in Security Assessments
- What kinds of tools do we use for security assessments?
  1m 8s
- Port scanners
  1m 36s
- Vulnerability scanners
  1m 14s
- Protocol analyzers
  1m 26s
- SCAP scanners and tools
  57s
- Network enumerator
  1m 52s
- Password crackers
  1m 23s
- Fuzzer
  1m 9s
- HTTP interceptor
  1m 6s
- Exploitation tools and frameworks
  1m 14s
- Visualization tools
  1m 43s
- Log reduction and analysis tools
  1m 31s
- File integrity monitoring and antivirus
  1m 26s
- Command line tools
  1m 20s
- Physical security tools
  1m 38s
- Reverse engineering tools
  1m 2s
3. Incident Response
- Why are incident response and recovery so important?
  1m 11s
- E-discovery
  1m 43s
- Electronic inventory and asset control
  1m 57s
- Data retention policies
  1m 55s
- Data recovery and storage
  1m 34s
- Data ownership
  2m 44s
- Data handling
  2m 41s
- Legal holds
  1m 27s
- Data breach
  4m 59s
- Incident detection and response
  2m 9s
- Incident and emergency response
  1m 19s
- Chain of custody
  4m 3s
- Forensic analysis
  2m 5s
- Order of volatility
  1m 33s
- Continuity of operations and disaster recovery
  1m 28s
- Severity of the incident
  3m 1s
- Incident response team
  1m 57s
- Post-incident response
  3m 5s
4. Tools Used in Incident Response and Recovery
- Tools used in incident response
  1m 23s
- Disk imaging
  2m 18s
- Network packet capture and analysis
  1m 41s
- nbtstat and netstat
  1m 12s
- Netcat
  1m 2s
- Memory forensics
  1m 14s
- File carving
  1m 12s
- FTK and EnCase
  1m 12s
- Specialized tools for mobile devices
  1m 32s
Conclusion
- Next steps
  2m 30s

Show MoreShow Less

Take notes with your new membership!

Type in the entry box, then click Enter to save your note.

1:30Press on any video thumbnail to jump immediately to the timecode shown.

Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.

Start My Free Month

Skills covered in this course

Security IT

Lynda.com is now LinkedIn Learning!

To access Lynda.com courses again, please join LinkedIn Learning

Categories

3D + Animation Topics

3D + Animation Software

3D + Animation Learning Paths

Audio + Music Topics

Audio + Music Software

Audio + Music Learning Paths

Business Topics

Business Software

Business Learning Paths

Business Guides

CAD Topics

CAD Software

CAD Learning Paths

Design Topics

Design Software

Design Learning Paths

Developer Topics

Developer Software

Developer Learning Paths

Education + Elearning Topics

Education + Elearning Software

Education + Elearning Learning Paths

IT Topics

IT Software

IT Learning Paths

Marketing Topics

Marketing Software

Marketing Learning Paths

Photography Topics

Photography Software

Photography Learning Paths

Video Topics

Video Software

Video Learning Paths

Web Topics

Web Software

Web Learning Paths

Web Guides

Post-incident response

Author

Skill Level Advanced

Duration

Views

Related Courses

CompTIA Security+ (SY0-501) Cert Prep: 1 Threats, Attacks, and Vulnerabilities

CompTIA Security+ (SY0-501) Cert Prep: 2 Technologies and Tools

CompTIA Security+ (SY0-501) Cert Prep: 3 Architecture and Design

CompTIA Security+ (SY0-501) Cert Prep: 5 Risk Management

CASP+ Cert Prep: 1 Risk Management

Introduction

1. Security Assessments

2. Tools Used in Security Assessments

3. Incident Response

4. Tools Used in Incident Response and Recovery

Conclusion

Take notes with your new membership!

Skills covered in this course

Continue Assessment

Start My Free Month