Nine InfoSec Courses at SANS Chicago 2017. Save $200 thru July 19.

IDFAQ: What are the steps to handle an incident?

More than 90 experienced incident handlers agreed on the following steps:
  • Remain calm; don't hurry.
  • Notify your organization's management.
  • Provide a game plan (with options if possible).
  • Apply need-to-know.
  • Use out-of-band communications; avoid email and other network-based communications channels.
  • Take good notes, good enough to serve as evidence in a court of law.
  • Contain the problem; pull the network cable.
  • Back up the system(s), and collect evidence.
  • Eradicate the problem and get back in business.
  • Lessons learned, apply what you have learned.
 
 
What do I have to do to preserve evidence?
IDFAQ: What are the steps to handle an incident?
Data Breach Summit & Training - Chicago
Latest Whitepapers

Securing Industrial Control Systems-2017
By Bengt Gregory-Brown

Using Docker to Create Multi-Container Environments for Research and Sharing Lateral Movement
By Shaun McCullough

Loki-Bot: Information Stealer, Keylogger, & More!
By Rob Pantazopoulos

Last 25 Papers »

Latest Tweets @SANSInstitute

Understand attackers' tactics & strategies in detail wit [...]
July 13, 2017 - 4:50 PM

Newly discovered #cyberattack vectors, vulnerabilities with [...]
July 13, 2017 - 4:45 PM

Limited Time MacBook Air Special Offer | Training on Your Te [...]
July 13, 2017 - 4:02 PM

Contact Us

301-654-SANS(7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"This has been a great way to get working knowledge that would have taken years of experience to learn."
- Josh Carlson, Nelnet

"The perfect balance of theory and hands-on experience."
- James D. Perry II, University of Tennessee

"Expertise of the trainer is impressive, real life situations explained, very good manuals. Best training ever!"
- Jerry Robles de Medina, Godo CU