
Incident Response assets inventory and identification

Last updated 8 months ago

What are some IR assets?

  • People
  • Tools
    • Hardware
    • Software

What assets belong to IR?

  • Which are outright IR assets?
  • Which are shared with other teams?
    • SIEM, IDS, etc.

Inventory what you have

Discovery through technical means

  • Port scans, memory scans, etc.

Discovery through administrative means

  • Work with accounts payable and procurement to see what's being paid for

Discovery through work observation

  • Recently found that some of the tools the organization depended on the most were not documented

Work with IT

IT is already likely to have matured in the area of asset identification

IR will probably share a lot of resources with IT, so some are already inventoried

IT may already have systems in place for this process

Uneducated end users

End-user attacks are the most common cause of breaches

  • Phishing attacks, other social engineering, etc.

Training programs should include some knowledge of IR

End users are also often the first indicators of an attack

Validate the need for discovered tools

Sometimes tools are outdated or no longer used but are still being paid for

Validating them will help with budgeting

It will also help with getting an idea of tool training requirements
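The inventory procedure above (technical, administrative and work-observation discovery, reconciled against what IT already tracks) and the "validate the need" step can be turned into a simple reconciliation routine. This is an added example, not part of the course notes; the asset names and the four inventories are constructed sample data.

```python
"""Reconcile the three discovery methods from the notes (technical, administrative,
work observation) against IT's inventory to find gaps in the IR asset list."""

# Constructed sample inventories for illustration only; the tool names are made up.
TECHNICAL = {"siem", "edr-agent", "packet-broker"}                      # found by scans/agents
ADMINISTRATIVE = {"siem", "edr-agent", "legacy-ids", "forensics-suite"}  # on invoices
OBSERVED = {"siem", "edr-agent", "packet-broker", "wiki-runbooks"}       # used day to day
IT_INVENTORY = {"siem": "shared", "edr-agent": "shared"}  # assets IT already tracks -> owner


def reconcile(technical, administrative, observed, it_inventory):
    """Return the review queues an IR lead would work through after an inventory sweep."""
    seen_in_use = technical | observed
    every_name = seen_in_use | administrative
    return {
        # In use but no procurement record: an undocumented dependency, document it.
        "undocumented": sorted(seen_in_use - administrative),
        # Paid for but never observed running or in use: validate the need, then budget.
        "validate_need": sorted(administrative - seen_in_use),
        # Already in IT's inventory: reuse their record instead of creating a second one.
        "already_inventoried": sorted(n for n in every_name if n in it_inventory),
        # Not tracked by IT: candidate outright IR assets, confirm the owner before adding.
        "candidate_ir_owned": sorted(every_name - set(it_inventory)),
        # How many independent discovery methods confirmed each asset (1 = weak evidence).
        "confirmations": {
            n: sum(n in src for src in (technical, administrative, observed))
            for n in sorted(every_name)
        },
    }


if __name__ == "__main__":
    for queue, items in reconcile(TECHNICAL, ADMINISTRATIVE, OBSERVED, IT_INVENTORY).items():
        print(f"{queue}: {items}")
```

Assets with a single confirmation are the ones to chase first: a tool on an invoice that nobody has seen running is either a budget saving or a capability the team has forgotten it has.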

Incident Response Stage 1 – Preparation

Attached slides: Incident Response Stage 1 – Preparation.pdf