Following are the six different phases of the Incident handling process:
1.Preparation: Preparation is the first step in the incident handling process. It includes processes like backing
up copies of all key data on a regular basis, monitoring and updating software on a regular basis, and creating
and implementing a documented security policy. To apply this step a documented security policy is formulated
that outlines the responses to various incidents, as a reliable set of instructions during the time of an incident.
The following list contains items that the incident handler should maintain in the preparation phase i.e. before
an incident occurs:
Establish applicable policies
Build relationships with key players
Build response kit
Create incident checklists
Establish communication plan
Perform threat modeling
Build an incident response team
Practice the demo incidents
2.Identification: The Identification phase of the Incident handling process is the stage at which the Incident
handler evaluates the critical level of an incident for an enterprise or system. It is an important stage where the
distinction between an event and an incident is determined, measured and tested.
3.Containment: The Containment phase of the Incident handling process supports and builds up the incident
combating process. It helps in ensuring the stability of the system and also confirms that the incident does not
get any worse.
4.Eradication: The Eradication phase of the Incident handling process involves the cleaning-up of the identified
harmful incidents from the system. It includes the analyzing of the information that has been gathered for
determining how the attack was committed. To prevent the incident from happening again, it is vital to
recognize how it was conceded out so that a prevention technique is applied.
5.Recovery: Recovery is the fifth step of the incident handling process. In this phase, the Incident Handler
places the system back into the working environment. In the recovery phase the Incident Handler also works
with the questions to validate that the system recovery is successful. This involves testing the system to make
sure that all the processes and functions are working normal. The Incident Handler also monitors the system to
make sure that the systems are not compromised again. It looks for additional signs of attack.
6.Lessons learned: Lessons learned is the sixth and the final step of incident handling process. The Incident
Handler utilizes the knowledge and experience he learned during the handling of the incident to enhance and
improve the incident-handling process. This is the most ignorant step of all incident handling processes. Many
times the Incident Handlers are relieved to have systems back to normal and get busy trying to catch up other
unfinished work. The Incident Handler should make documents related to the incident or look for ways to
improve the process.
Answer option C is incorrect. The post mortem review is one of the phases of the Incident response process.