2.7 Given an incident, implement the appropriate response.

Event classifications

 False positive

 False negative

 True positive

 True negative

Triage event

Preescalation tasks

Incident response process

 Preparation

 Detection

 Analysis

 Containment

 Recovery

 Lessons learned

Specific response playbooks/processes

 Scenarios

  Ransomware
  Data exfiltration
  Social engineering

 Non-automated response methods

 Automated response methods

  Runbooks
  SOAR

Communication plan

Stakeholder management