Incident response lifecycle phases

Detection: Investigate potential incidents indicated by suspicious anomalies in a system, the network, or data, or by system-generated alerts.

Analysis: Determine the category, scope, and potential impact of the incident.

Containment: Limit the scope and magnitude of an incident to limit the impact on mission-critical processes.

Eradication and Recovery: Apply measures to eliminate the causes and effects of an intrusion or attack.

Post-Incident Activity: Conduct post-incident reporting and analysis to evaluate security operations, response capabilities, and procedures.