What is incident-response?
Emergency breach management.
🧒 Explain like I'm 5
🚑 The steps a company takes to stop a hack, fix the damage, and prevent it from happening again.
🤓 Expert Deep Dive
## The IR Lifecycle (NIST Framework)
1. Preparation: The most critical phase. If you don't have the tools and team ready before the attack, the rest of the phases will likely fail.
2. Detection & Analysis: Using tools like SIEM and EDR to confirm an event is an actual security incident.
3. Containment, Eradication, & Recovery: The 'battle' phase where the threat is isolated and removed.
4. Post-Incident Activity: Reviewing what went wrong to harden defenses for the future.
📚 Sources
2. nist.gov
3. sans.org