Lesson Progress
0% Complete

Engage
Initial Triage
Interview key individuals
Notify internal management chain (preliminary)
Determine if illegal activity is involved
Determine if inappropriate internal involvement
Ensure appropriate evidence collection and preservation

Detect/Analyze
Research current attack intelligence and recent vulnerabilities
Update internal management team as appropriate (assessment)

Respond
Notify legal counsel of any illegal or inappropriate activity
Notify constituents (status update)
Notify law enforcement
Remove temporary containment measures
Notify computer security organizations and resources
Notify HR
Notify public relations department

Post-Incident
Notify internal management chain (resolution)
Notify constituents (resolution)
Properly dispose of incident information
Post-incident review
Generate incident report
Update policies and procedures

Complete

Initial

Custom