From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
Post-incident activities
- [Narrator] Once the incident response team returns the organization to a normal operating state, all too often the response effort ends without completing an important final step: post-incident activities. Let's talk about three important post-incident activities: the lessons learned process, evidence retention, and the generation of indicators of compromise. The lessons learned process is designed to provide everyone involved in the incident response effort with an opportunity to reflect on their individual role in the incident and the team's response overall. It's an opportunity to improve the processes and technologies used in incident response to better respond to future security crises. The most common way to conduct lessons learned is to gather everyone in the same room or connect them via video conference or telephone and ask a trained facilitator to lead a lessons learned session. Ideally, this facilitator should…
Contents
- Build an incident response program (4m 33s)
- Creating an incident response team (2m 25s)
- Incident communications plan (2m 51s)
- Incident identification (3m 50s)
- Escalation and notification (2m 42s)
- Mitigation (2m 46s)
- Containment techniques (3m 21s)
- Incident eradication and recovery (4m 38s)
- Validation (2m 40s)
- Post-incident activities (4m 2s)