The Five Steps of Incident Response
| Step | Purpose | Example |
|------|---------|---------|
| 1. Detect | Find out that something's wrong. | Noticing antivirus alerts. |
| 2. Contain | Stop the damage from spreading. | Disconnect infected computers. |
| 3. Eradicate | Remove the root cause. | Delete the malware. |
| 4. Recover | Restore systems and data. | Use backups to get files back. |
| 5. Review (Lessons Learned) | Study what went wrong to prevent it next time. | Update security rules. |

Think of it like first aid: stop the bleeding, clean the wound, and learn how to avoid it again.