Preparation (step one)
The incident response step that involves establishing guidelines/policies to handle security incidents.
Detection (step two)
The process of identifying potential security incidents through monitoring systems and logs.
Analysis (step three)
Evaluating whether a security incident is truly malicious or requires organizational attention.
Containment (step four)
Limiting a security incident or breach to affected systems or networks, such as quarantining infected machines.
Eradication (step five)
Removing the source of contamination that caused the security incident.
Recovery (step six)
Restoring systems and operations to normal after a security incident.
Lessons learned (step seven)
Reflecting on how a security incident occurred and implementing changes to prevent future incidents.
Training
Educating staff on actions during a security incident to improve response outcomes.
Tabletop exercise
A scenario-based testing exercise where responders discuss actions to handle threats.
Simulation
A team-based exercise where one team attacks while another responds and recovers.
Root cause analysis
Identifying underlying factors contributing to a security incident for better future strategies.
Threat hunting
Proactively searching for indicators of compromise within a network.
Digital forensics
Post-mortem analysis of an incident to understand its occurrence and root cause.
Legal hold
Data acquisition request that preserves electronically stored information (ESI).
Chain of custody
A legal document that tracks the possession of digital evidence.
Acquisition
The process of obtaining evidence during digital forensics.
Reporting
Providing documentation for the security incident and data acquisition process.
Preservation
Storage of data acquired during digital forensics.
E-discovery
Collecting, preparing, reviewing, and producing electronic documents.