Incident response procedures
The SANS Institute describes a six-step incident handling process, as shown in the following diagram. The first step, Preparation, corresponds to incident response preparation processes and procedures, while the other five steps (Identification, Containment, Eradication, Recovery, and Lessons Learned) correspond to incident handling processes and procedures:
Figure 18.3 – SANS Institute – six-step incident handling process
The following procedures describe in more detail how the steps in each process flow are to be accomplished. Because incidents are diverse in nature, the procedures do not attempt to give step-by-step instructions; instead, they focus on a methodology for organizing effort, managing resources, and communicating with stakeholders about incidents.
Incident response preparation process
As shown in the following diagram, all the tasks of the incident response preparation process shown in green...