Identification

Identification refers to the first step in the incident response process where an organization determines whether they have been breached or not.  Security professionals will seek indicators of compromise while …

Revision

Revision refers to the final aspect of incident response, that of revising procedures and systems to ensure an incident doesn’t occur again. During this part of the process, organizations must …

Phases in Security Incident Handling

Recovery

Recovery refers to phase four (4) in CyberHoot’s view of Cybersecurity Incident Handling. In this phase, incident handlers proceed with activities that seek to restore essential services and operations in …