Professional Documents
Culture Documents
§ This analysis will result in a final risk ranking based on risk that has
adequate controls, inadequate controls and no controls.
§ The action taken in this phase is to limit the exposure. Activities in this
phase include:
§ Activating the incident management/response team to contain the incident
§ Notifying appropriate stakeholders affected by the incident
§ Obtaining agreement on actions taken that may affect availability of a service or
risk of the containment process
§ Getting the IT representative and relevant virtual team members involved to
implement containment procedures
§ Obtaining and preserving evidence
§ Documenting and taking backups of actions from this phase onward
§ Controlling and managing communication to the public by the public relations
team
INCIDENT RESPONSE LIFECYCLE – ERADICATION
§ Part of the report should contain lessons learned that provide the
valuable learning points of what could have been done better.
• Post Incident
ü Lesson learned
ü Restoring operations to normal
ü Better wipe out all files, change with a new fresh apps
ü Ensuring that no vulnerabilities remain
ü Improving defences
ü Performing vulnerability analysis
ü Standardized
ü …
COMPUTER FORENSIC
• Computer Forensic
o https://lms.onnocenter.or.id/wiki/index.php/Forensik