From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response

Incident eradication and recovery

- [Instructor] Once you've successfully contained a security incident, you can take a moment to breathe a sigh of relief, but the work of incident response has only just begun. You've managed to contain the damage caused by the incident, but now you must move on to the eradication and recovery stages of the process. Your goal during eradication is to remove any traces of the incident from your systems and networks. If attackers compromised user accounts, you'll need to secure those accounts. If they compromised systems or network devices, you'll need to secure those configurations as well. Basically, you need to go through your network and remove any traces of the security incident so that you can be certain that you've effectively secured your organization.

The second goal you have during this stage of the process is recovery. This means that you need to restore normal business operations. Now, while the process…
