Incident Response Phases
Austin Songer edited this page Jun 29, 2021 · 1 revision
This project uses a modified incident response process that combines the SANS Incident Response Process and the NIST Incident Response Process.
NOTE: The common "preparation" phase is not a separate phase of this incident response process. Instead, each playbook includes a (P) Preparation section at the beginning.
More than one phase can run in parallel.
- Investigate
- Remediate (contain, eradicate)
- Communicate
- Recover
- Lessons Learned
If you have changes that you think would improve this incident response process, please create an issue describing what you want to change.