Skip to content
/ incident-response Public

Incident response is a set of steps that are used to handle the aftermath of a data breach or cyberattack

License

AGPL-3.0 license
5 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

qeeqbox/incident-response

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
incident-response.drawio
incident-response.drawio
 
 
incident-response.png
incident-response.png
 
 

Repository files navigation

Incident response

Incident response is a set of steps that are used to handle the aftermath of a data breach or cyberattack

Steps

Preparation

This step determines how the origination will respond in case a data breach or cyberattack occurs (It's established before the incident)

  • List of assets (Risk assessment)
  • Communication
  • Documentation
  • Training
  • IR plan

Identification

Determinate whether a data breach or cyberattack happened or not

Containment

Once an incident is identified, then affected assets are isolated

  • Short-term
  • Long-Term

Eradication

Eliminate the cause of the data breach or cyberattack

Recovery

Bring the affected assets back to production and monitor them to ensure everything is back to normal

Lessons Learned

Finish up documentation and answer some follow-up questions regarding how to improve the current process

ID

51a6dc04-1550-4e08-a1e9-f4e909959b4f

References

About

Incident response is a set of steps that are used to handle the aftermath of a data breach or cyberattack

Topics

incident-response cycle qeeqbox infosecsimplified

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

5 stars

Watchers

1 watching

Forks

2 forks
Report repository

Sponsor this project

 
Learn more about GitHub Sponsors