Question

What steps would you take after a cybersecurity incident occurs?

Answer 1

Following steps constitute the incidence response strategy of organizations nowadays:

• Identification: In this step, the security incident is identified and reported to the higher authorities. IR team tries to find the source of the security breach.
• Triage and analysis: Data is collected from various sources and analyzed further to find indicators of compromise.
• Containment: The affected systems are isolated to prevent further damage.
• Post-incident activity: This step includes documentation of information to prevent such security incidents in the future.