Week 11 Posting - Incident Response Steps

In week 11 of BSIT 380 we covered the ways of classifying the steps of incident response and how different certifying organizations use different terms for them. One thing that stayed constant was that the steps are kept separate, and many of the terms are cyber security items. When an attack is being remediated, the work falls into one of the following categories: validation, eradication, post-incident activities, and containment. The goal with any attack is to isolate it so that no additional attack surface can be attacked; this is done with containment. The next step, once a system is either disconnected or placed in a non-LAN/non-web-facing environment, is to eradicate the attack and any remnants of it. Next would be to go back and validate that no virus is found in any system files, and that no local network service still carries the same signature. Finally, an incident report or meeting will take place to brief the higher-ups on what caused the issue, the steps taken to eradicate it, and the steps being taken to prevent it from happening again.
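As an added example of the validation step described above (this is my own illustration, not part of the original posting or course material), the script below walks a directory tree, hashes every regular file with SHA-256, and reports any file whose hash matches a list of signatures recorded during eradication. The known-bad hash, the sample directory layout and the file contents are all constructed for the demo; in a real incident the signature list would come from the artefacts that were actually removed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed sample: the SHA-256 of an artefact the eradication step removed.
# In a real incident this set is built from the findings of that step.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"constructed-malicious-payload").hexdigest(),
}


def sha256_of_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def validate_tree(root, known_bad=KNOWN_BAD_SHA256):
    """Walk `root`, hash every regular file, and return the sorted list of
    paths whose hash matches a known-bad signature. An empty list means the
    validation sweep found no remnants."""
    matches = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            # Skip symlinks first: is_file() follows links and would
            # otherwise let a link drag in files from outside the tree.
            if p.is_symlink() or not p.is_file():
                continue
            try:
                if sha256_of_file(p) in known_bad:
                    matches.append(str(p))
            except OSError:
                # Unreadable file: skip it rather than abort the whole sweep.
                continue
    return sorted(matches)


def build_sample_tree(root):
    """Constructed fixture: one clean file and one leftover copy of the
    removed artefact hidden in a dot-file under tmp/."""
    root = Path(root)
    (root / "etc").mkdir(parents=True, exist_ok=True)
    (root / "etc" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
    (root / "tmp").mkdir(exist_ok=True)
    (root / "tmp" / ".cache").write_bytes(b"constructed-malicious-payload")
    return root


def run_sample(known_bad=KNOWN_BAD_SHA256):
    """Build the fixture in a temporary directory and sweep it."""
    with tempfile.TemporaryDirectory() as d:
        return validate_tree(build_sample_tree(d), known_bad)


if __name__ == "__main__":
    hits = run_sample()
    if hits:
        print("validation FAILED, remnants found:", hits)
    else:
        print("validation passed, no known-bad files present")
```

The sweep is deliberately read-only: the validation step confirms that eradication worked, and anything it finds goes back to the eradication step rather than being deleted on the spot, so the post-incident report has an accurate record of what was still present.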
