Abstract

These Incident Response Methodologies (IRM) are cheat sheets dedicated to incident handlers investigating specific security issues.

Who should use IRM sheets?

  • Administrators
  • Security Operation Center
  • CISOs and deputies
  • CERTs (Computer Emergency Response Team)

Remember: If you face an incident, follow IRM, take notes and do not panic. Contact your CERT immediately if needed.

Incident handling steps

Six steps are defined to handle security incidents:

  1. Preparation: get ready to handle the incident
  2. Identification: detect the incident
  3. Containment: limit the impact of the incident
  4. Remediation: remove the threat
  5. Recovery: recover to a normal stage
  6. Aftermath: draw up and improve the process

IRM provides detailed information for each step.