Chapter 26 Incident Recovery

Bring the system back to a known good state, remove damage, restore availability & accuracy.
Done after the incident is contained, or during it if business necessity requires.
Minimize losses by limiting the length of the incident.

Repair vulnerability: most successful attacks are against known vulnerabilities.
--apply patch
--disable service
--change procedure
--redesign system

Improve safeguards
--review them, adjust
--add new ones for new services & locations

Update detection (IDS). Detection as last defense.

Restoration of data. Ensuring its availability, integrity, confidentiality

Restoration of services. Ensuring their availability, integrity, confidentiality

Monitor for additional signs of attack

Restoration of confidence: incident plan says what info is released when & by whom.
Groups that need confidence instilled: management, stockholders, users, partners, public.