Week 9 - Incident Response
There is an incident response cycle that highlights how incidents should be handled. The cycle contains the following stages:
- Preparation
- Detection and Analysis
- Containment
- Eradication and Recovery
- Post-Incident Activities
One of the stages in this cycle that I found to be interesting was the containment stages. The containment stage is done once you know that a threat agent has compromised the security of a system. Containment comprises a set of actions that attempts to deny the threat agent the ability to cause further damage. In the containment stage, the security professionals strive to completely eradicate the threat. Within containment, there is a strategy of segmentation.
Segmentation divides a network into subnetworks so that hosts in different segments are not able to communicate directly with each other. The big advantage of network segmentation is that compromises can be constrained to a network segment in which they started. That way, it can be easier to analyze the threat through the segmented network.
Comments
Post a Comment