Incident Handling Process Overview

The incident handling process defines a capability for organizations to prepare for, detect, and respond to malicious events.

The investigation aims to:

  • Discover the initial 'patient zero' victim and create an incident timeline (ongoing if the incident is still active)

  • Determine what tools and malware the adversary used

  • Document the compromised systems and what the adversary has done
