Perform a tabletop drill based on previously identified incident scenarios.

Simulate an incident by shutting down power to the primary data center.

Migrate active workloads from the primary data center to the secondary location.

Compare the current plan to lessons learned from previous incidents.

Shut down the server.

Reimage the server.

Quarantine the server.

Update the OS to latest version.

CVSSv3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSSv3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Evaluate scoring fields, such as Spam Confidence Level and Bulk Complaint Level

Review the headers from the forwarded email

Examine the recipient address field

Examine the SPF, DKIM, and DMARC fields from the original email

Review the Content-Type header

Multifactor authentication

Password changes

System hardening

Password encryption

Integrate an IT service delivery ticketing system to track remediation and closure

Create a compensating control item until the system can be fully patched

Accept the risk and decommission current assets as end of life

Request an exception and manually patch each system

Join an information sharing and analysis center specific to the company's industry

Upload threat intelligence to the IPS in STIX/TAXII format

Add data enrichment for IPs in the ingestion pipeline

Review threat feeds after viewing the SIEM alert