From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
Mitigation
- [Instructor] As the full incident response team assembles, they move from the isolation and quarantine strategy used by first responders into a full incident mitigation mode. The goal of this mitigation phase is controlling the damage and loss caused to the organization by performing a full range of incident containment activities. The nature of those activities will vary based upon the severity of the incident. The National Institute for Standards and Technology suggests six criteria that responders may use when evaluating a potential containment strategy. First, responders should consider the potential for damage and theft of resources during the incident. Second, they should evaluate the need for evidence preservation and the effect that the strategy might have on the ability to preserve evidence. Third, responders should evaluate service availability requirements and the impact of different containment strategies…
Contents
- Build an incident response program (4m 33s)
- Creating an incident response team (2m 25s)
- Incident communications plan (2m 51s)
- Incident identification (3m 50s)
- Escalation and notification (2m 42s)
- Mitigation (2m 46s)
- Containment techniques (3m 21s)
- Incident eradication and recovery (4m 38s)
- Validation (2m 40s)
- Post-incident activities (4m 2s)