Incident response lifecycle

Detection
Investigate potential incidents indicated by suspicious anomalies in a system, the network, or data, or by system-generated alerts.

Analysis
Determine the category, scope, and potential impact of the incident.

Containment
Limit the scope and magnitude of an incident to limit the impact on mission-critical processes.

Eradication and Recovery
Apply measures to eliminate the causes and effects of an intrusion or attack.

Post-Incident Activity
Conduct post-incident reporting and analysis to evaluate security operations, response capabilities, and procedures.