Lay the groundwork for effective response.
The aftermath of a breach or other incident can be chaotic, and the last thing you want is to be making up an incident response plan on the fly. This guide provides a list of basic response actions that security teams can follow as they respond to incidents.
You will find basic response actions for:
- High criticality incidents such as successful exploitation of a vulnerability or data exfiltration
- Medium criticality incidents such as malware downloads or remote access to external domains
- Low criticality incidents such as adware, riskware, and peer-to-peer software
Security teams of all sizes and industries can use this as a building block to create a brand-new response process or improve their existing one.