Incident Handling
Having a solid Incident Response (IR) process will enhance the foundation of your security posture. Your incident handling process should dictate how to handle security incidents and respond to them rapidly.
The next step will involve learning how to put all the available tools and talent together to handle an incident. This chapter will go beyond the tools, and you will also learn how to approach an incident, ask the right questions to find the root cause, and narrow down the scope to be able to go from incident red status to green. In the second part of the chapter, we will learn about phishing incident handling as an example. Phishing is still one of the biggest attack vectors for any organization, and it will be useful to cover incidents of this type separately.
In this chapter, we're going to be covering the following topics:
- The NIST definition of a security incident
- The incident response process
- Handling an incident...