Abstract
These Incident Response Methodologies are cheat sheets dedicated to incident handlers investigating specific security issues.
Who should use IRM sheets?
- Administrators
- Security Operation Center
- CISOs and deputies
- CERTs (Computer Emergency Response Team)
Remember: If you face an incident, follow IRM, take notes and do not panic. Contact your CERT immediately if needed.
Incident handling steps
6 steps are defined to handle security incidents:
- Preparation: get ready to handle the incident
- Identification: detect the incident
- Containment: limit the impact of the incident
- Remediation: remove the threat
- Recovery: recover to a normal stage
- Aftermath: draw up and improve the process
IRM provides detailed information for each step.