
Incident detection and verification.
Identify the correct incident response team.
Define roles and responsibilities for the incident response.
Notify the incident response team.
Create an incident ticket.
Identify affected systems, assets and services.
Categorize the incident and assign a severity level.
Use preexisting incident response plans.
Use preexisting procedures for incident resolution.
Communicate and escalate the incident.
Manage stakeholder communications.
Update the incident ticket with everything that you do.
Collect and preserve evidence.
Analyze and troubleshoot the incident.
Isolate affected systems.
Use monitoring tools.
Analyze logs and system events.
Employ debugging and diagnostic tools.
Review configuration and settings.
Review recent changes leading up to the incident.
Identify and test a solution.
Implement temporary fixes.
Rebuild and recover.
Restore systems from backup.
Validate the integrity of fixes.
Restore service.
Identify the root cause.
Remove malware or unauthorized access.
Patch or fix vulnerabilities.
Apply permanent fixes.
Monitor for any signs of recurrence.
Conduct a post-incident review.
Comply with any regulatory reporting requirements.
Update the incident response plan.