X hits on this document

Powerpoint document

HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 93 / 158

466 views

0 shares

0 downloads

0 comments

93 / 158

U.S. Department of Health and Human Services

After an incident has been contained and evidence preserved, as appropriate, eradication may be necessary to eliminate components of the incident. Deleting malicious code and disabling breached user accounts are examples of eradication. For some incidents, eradication is either not necessary or is performed during recovery.

During recovery, IT Administrators restore systems to normal operation and, as necessary, harden systems to prevent similar incidents. Recovery may involve such actions as restoring systems from clean backups, rebuilding systems from scratch, replacing compromised files with clean versions, installing patches, changing passwords, and adding or strengthening other security controls.

Page 6 of 12

Operations and Maintenance Phase

Incident Eradication and Recovery

Document info
Document views466
Page views466
Page last viewedSat Dec 10 21:33:05 UTC 2016
Pages158
Paragraphs2058
Words16945

Comments