HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 92 / 158

U.S. Department of Health and Human Services

There is a delicate balance between protecting evidence from an incident and containing an incident to prevent further impact. If evidence is destroyed, it may be difficult to determine the root cause and prosecute the attacker.

Containment strategies vary based on the type of incident. Criteria for determining the appropriate strategy include:

Potential damage to and theft of resources;

Need for evidence preservation;

Service availability (e.g., network connectivity, services provided to external parties);

Time and resources needed to implement the strategy;

Effectiveness of the strategy (e.g., partially contains the incident, fully contains the incident); and

Duration of the solution (e.g., emergency workaround to be removed in four hours, temporary workaround to be removed in two weeks, permanent solution).

Page 5 of 12

Operations and Maintenance Phase

Incident Containment
