From the course: Certificate of Cloud Security Knowledge (CCSK) Cert Prep
Containment, eradication, recovery, and postanalysis
- [Instructor] When reviewing the third phase of IR, containment, eradication, and recovery, it's essential to consider the methods, processes, and tools used in production. For instance, if an organization is using infrastructure as code, immutable infrastructure, microservices, and federated environments, all of those factors empower the ability to contain, eradicate, and recover from an incident. Containment plans should be developed in collaboration with the system owner, as they have the best understanding of the system. A robust containment capability is closely tied to a practical understanding of identity and access management tools at the management plane level. In addition to managing human accounts in IAM tools, responder teams need to be aware of service accounts that could be compromised and exploited by attackers. Network containment is more easily facilitated since rules can be quickly implemented and changes made to prevent and further restrict access. Depending on the…
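As an added example (not part of the course material), a small containment helper that applies the lesson's two levers in order: first the identity at the management plane (the compromised service account), then the network. It assumes AWS as the provider, which the lesson does not name, and every user name, key ID, instance ID and security group ID in it is constructed.

```python
"""Management-plane containment plan for a compromised cloud service account.

Added example, not from the course. Assumes AWS (the lesson names no provider)
and an IAM user acting as a service account; all resource IDs are constructed.
"""
import json
import subprocess

# Explicit deny overrides any Allow the account already holds.
DENY_ALL = {"Version": "2012-10-17",
            "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}]}


def build_containment_plan(user, access_keys, instance_ids, quarantine_sg):
    """Return the ordered CLI invocations that isolate the principal.

    Order matters: cut the identity first (management plane), then the network,
    so the attacker cannot use the account to undo the network change.
    """
    plan = []
    # 1. Deactivate (do not delete) each access key: preserves evidence and
    #    lets the responder re-enable it if the key turns out to be legitimate.
    for key in access_keys:
        plan.append(["aws", "iam", "update-access-key", "--user-name", user,
                     "--access-key-id", key, "--status", "Inactive"])
    # 2. Inline deny-all policy on the user ("IR-Quarantine" is a constructed name).
    plan.append(["aws", "iam", "put-user-policy", "--user-name", user,
                 "--policy-name", "IR-Quarantine",
                 "--policy-document", json.dumps(DENY_ALL)])
    # 3. Network containment: move each host into a security group with no
    #    rules; the instance stays up for forensics but can no longer talk.
    for iid in instance_ids:
        plan.append(["aws", "ec2", "modify-instance-attribute",
                     "--instance-id", iid, "--groups", quarantine_sg])
    return plan


def execute(plan, dry_run=True):
    """Run the plan (or print it in dry-run mode); returns the step count."""
    for argv in plan:
        if dry_run:
            print("DRY-RUN:", " ".join(argv))
        else:
            subprocess.run(argv, check=True)
    return len(plan)


if __name__ == "__main__":
    # Constructed incident data: a CI deploy account with two keys and one host.
    steps = build_containment_plan("svc-ci-deploy",
                                   ["AKIA_CONSTRUCTED_1", "AKIA_CONSTRUCTED_2"],
                                   ["i-0constructed"], "sg-0quarantine")
    execute(steps, dry_run=True)
```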