0
10kviews
What are the goals of incident response ?

Subject: Digital Forensics

Topic: Introduction

Difficulty: High

1 Answer
1
1.0kviews

The primary goal of incident response is to effectively remove a threat from the organization’s computing environment, while minimizing damages and restoring normal operations as quickly as possible.

This goal is accomplished through two main activities:

  • List item
  • Investigate
  • Determine the initial attack vector
  • Determine malware and tools used
  • Determine what systems were affected, and how
  • Determine what the attacker accomplished (damage assessment)
  • Determine if the incident is ongoing
  • Establish the time frame of the incident
  • Remediate
  • Using the information obtained from the investigation, develop and implement a remediation plan
Please log in to add an answer.