In the past few chapters, we've discussed how continuous monitoring, security awareness, and threat intel can create cyber intelligence communication channels between each other. By understanding the external incidents and events around us, we can train our users to inform IT operations (help desk) of any anomalies in the normal day-to-day operations. This chapter is all about handling anomalies with respect to baselines by empowering the incident response capability in our organizations.
We will review:
- Incident response processes:
- Preparation
- Detection and analysis
- Containment, eradication, and recovery
- Post-incident activity
- Integration of F3EAD and incident response processes
- Integration of F3EAD, incident response, and intelligence cycle processes
- Example incident response Capability Maturity Model