From the course: SSCP Cert Prep: 4 Incident Response and Recovery
Join today to access over 24,200 courses taught by industry experts.
Incident identification
From the course: SSCP Cert Prep: 4 Incident Response and Recovery
Incident identification
- [Instructor] Once you have an incident response plan in place and a team prepared, the incident response process then enters a state of perpetual monitoring, watching for signs that an incident is occurring or has already taken place. There are many different ways that an organization might identify a security incident. The key to successful incident identification is having a robust security monitoring infrastructure. Data is crucial to incident detection and organizations have a responsibility to collect, analyze, and retain security information. Now, there are many different information sources that may contribute data that's crucial to identifying and analyzing a possible security incident. These include intrusion detection and prevention systems, firewalls, authentication systems, system and file integrity monitoring systems, vulnerability scanners, system event logs, netflow connection records, and anti-malware…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
Build an incident response program4m 26s
-
Creating an incident response team2m 17s
-
(Locked)
Incident communications plan2m 44s
-
(Locked)
Incident identification4m 30s
-
(Locked)
Escalation and notification2m 30s
-
(Locked)
Mitigation2m 25s
-
(Locked)
Containment techniques3m 2s
-
(Locked)
Incident eradication and recovery5m 37s
-
(Locked)
Validation2m 24s
-
(Locked)
Post-incident activities3m 52s
-
(Locked)
Incident response exercises1m 39s
-
-
-
-
-
-