SEC 11: How do you respond to an incident?

Preparation is critical to the timely investigation of, and response to, security incidents, and helps minimize potential disruption to your organization.

Resources

Incident Response in the Cloud
Automating Incident Response and Forensics in AWS
GitHub: AWS Security Automation

Best Practices:

Improvement Plan

Identify people who will respond to an incident
Identify resources available that will help your organization respond to an incident.

Prepare for an incident
Preparation is critical to minimizing disruption when responding to and recovering from an incident.
NIST: Computer Security Incident Handling Guide

Practice incident response and recovery

Resources from partners
Configuration and Vulnerability Analysis
Developer Tools / Issue & Bug Tracking