Incident Handling

In computer security terms, incident handling refers to a plan for dealing with and recovering from network or system intrusion security incidents. According to SANS, an incident handling plan should provide for:

  1. Incident preparation
  2. Incident identification
  3. Incident containment
  4. Incident eradication
  5. Incident recovery
  6. Determine lessons learned and fix weaknesses