Online Courses
Cyber Incident Response

Notification

Who needs to be notified?

  • IR team first

  • Upper management

  • Anyone else after

  • Media/public last

  • Not everyone will even know there's an incident

    • Don't accidentally disclose the incident through the eradication notification

IR team

Should be notified first

Give the whole team the opportunity to agree/vet status

Team can start preparing for next phase ASAP

Will usually organically be the first to know

Upper management

Consider how this will be communicated to upper management

Be sure they are clear on the definition of eradication

Likely won't be an extremely technical audience

Be sure legal and PR are informed

  • Possibly remind upper management

Media/public

Should be facilitated by legal and PR

Should generally only include factual information


Last updated 8 months ago