From the course: ISC2 Certified Information Systems Security Professional (CISSP) (2024) Cert Prep

Unlock this course with a free trial

Join today to access over 22,700 courses taught by industry experts.

Containment techniques

Containment techniques

- [Narrator] The first minutes and hours of a cybersecurity incident are an incredibly stressful time. You've conducted some initial analysis and you've determined that an incident is taking place and you know that there is an intruder active in your network. You've been compromised, and the next steps that you take will play a significant role in the outcome of the incident. In the NIST incident handling process, you've moved from the detection and analysis phase into the containment, eradication, and recovery phase. If you've done your work well in the preparation phase, this is where it all pays off. The biggest difference between the earlier phases and this phase is that you've shifted from the passive activities of detection and analysis into an active phase where you're taking actions in response to the incident. Now, as we've discussed, your first priority should be containing the damage caused by the incident. You want to limit the future activity of the attacker so that they…

Contents