# Preventing and Responding to Incidents

### Incident Response Plan Phases

* Prepare for incidents
* Identify the occurrence of an incident
* Contain the incident
* Treat the incident
* Recover from the incident
* Post-incident review
* **Three things you need to have in place to prepare**
  * Business Continuity Plan
  * Disaster Recovery Plan
  * Incident Response Plan

### Incident Response Steps

* **Detection**
  * IDS/IPS
  * AntiVirus
  * Scans of audit logs
  * End users report irregular activity
* **Response**
* **Mitigation**
* **Reporting**
* **Recovery**
* **Remediation**
* **Lessons Learned**
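The "scans of audit logs" detection method above is the one a small team can put in place with the least tooling. The following is an added example, not part of the original notes, showing what such a scan looks like in practice: it parses sshd lines in syslog format, counts failed logins per source address inside a sliding time window, raises a medium-severity alert when a burst crosses a threshold, and escalates to high severity if a login from that same address later succeeds. The log lines, hostnames and addresses (RFC 5737 documentation ranges) are constructed for the example, and the threshold of five failures in sixty seconds is an assumed tuning value, not a standard.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd lines in syslog format (documentation-range IPs,
# invented hostnames); they are not taken from any real system.
SAMPLE_LOG = """\
Mar 10 09:00:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 09:00:03 bastion sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Mar 10 09:00:05 bastion sshd[2205]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar 10 09:00:06 bastion sshd[2207]: Failed password for root from 203.0.113.7 port 51125 ssh2
Mar 10 09:00:08 bastion sshd[2209]: Failed password for root from 203.0.113.7 port 51126 ssh2
Mar 10 09:00:10 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 51127 ssh2
Mar 10 09:00:12 bastion sshd[2213]: Accepted password for root from 203.0.113.7 port 51128 ssh2
Mar 10 09:01:30 bastion sshd[2220]: Failed password for alice from 198.51.100.24 port 40010 ssh2
Mar 10 09:05:40 bastion sshd[2222]: Failed password for alice from 198.51.100.24 port 40011 ssh2
Mar 10 09:05:42 bastion sshd[2224]: Accepted publickey for alice from 198.51.100.24 port 40012 ssh2
"""

# Matches the common OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" form.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line):
    """Return a dict for an sshd auth line, or None for lines we do not model."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; strptime defaults to 1900, which is
    # fine here because only differences between timestamps are used.
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return {"ts": ts, "outcome": m.group("outcome"),
            "user": m.group("user"), "ip": m.group("ip")}


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Scan log lines and return alerts in chronological order.

    threshold / window are assumed tuning values for this example:
    `threshold` failures from one source inside `window` raises a medium
    alert; a later successful login from a flagged source raises a high alert.
    """
    events = [e for e in (parse_line(line) for line in lines) if e]
    events.sort(key=lambda e: e["ts"])  # log files are not guaranteed to be ordered
    recent = defaultdict(deque)         # ip -> timestamps of failures inside the window
    flagged = set()                     # ips already alerted on, to avoid repeat alerts
    alerts = []
    for e in events:
        ip = e["ip"]
        if e["outcome"] == "Failed":
            q = recent[ip]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({
                    "ip": ip, "severity": "medium", "at": e["ts"],
                    "reason": f"{len(q)} failed logins within {int(window.total_seconds())}s",
                })
        elif e["outcome"] == "Accepted" and ip in flagged:
            alerts.append({
                "ip": ip, "severity": "high", "at": e["ts"],
                "reason": f"successful login for {e['user']} after brute-force burst",
            })
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"[{a['severity'].upper()}] {a['ip']} at {a['at']:%b %d %H:%M:%S}: {a['reason']}")
```

On the sample data the scan emits one medium alert for 203.0.113.7 at the fifth failure and one high alert when the root login from that address succeeds; the two spaced-out failures from 198.51.100.24 followed by a key-based login never cross the threshold and are not reported. In a real deployment the thresholds would be tuned against the site's normal failure rate, and the high-severity case is the one that should page the on-call responder, since it marks the point where the Detection step hands over to Response and Mitigation.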

### Reference Material

* [NIST Special Publication 800-61 Revision 2: Computer Security Incident Handling Guide](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf)
* [ISO/IEC 27035-2](https://www.iso.org/standard/78974.html)
* [NCSS Good Practice Guide](https://www.enisa.europa.eu/publications/ncss-good-practice-guide)
* [NIST Framework for Improving Critical Infrastructure Cybersecurity](https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf)
* [NIST 800-153 - Guidelines for Securing WLANs](https://access.wgu.edu/ASP3/aap/content/nistspecialpublication800-153.pdf)
