
Incident Management 101 Preparation and Initial Response (aka Identification)

PDF, 2.62MB. Published: 17 Jan, 2005
Created by Robin Dickerson

According to SANS, there are six steps involved in properly handling a computer incident: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. Incident Management 101 provides guidelines, procedures, and tools designed to assist security specialists with the first two phases of Incident Management: Preparation and Initial Response (aka the Identification phase). The intended audience is incident handlers who are responding to suspicious activity (versus malicious code or DoS attacks) on both Unix and Windows systems. The guidelines, procedures, and tools described are intended for business recovery, not for legal purposes such as preservation of evidence, forensic analysis, or prosecution.