Detection and Analysis

Preparation and Planning

Containment, Eradication, and Recovery

Post-Incident Activity

Eliminate the threat vector from the environment

Restrict the impact and propagation of the incident

Recover compromised systems and restore data integrity

Implement governance frameworks and operational protocols

Eradication

Recovery

Detection

Post-Incident Analysis

Establish governance frameworks and procedural protocols

Mitigate vulnerabilities and eliminate threats from the environment

Recover compromised systems and restore data integrity

Conduct post-incident analysis to enhance security posture

Detection

Recovery

Containment

Eradication

Eradication of Threats

Post-Incident Analysis

System Recovery

Incident Detection

Post-Incident Analysis

System Restoration

Incident Detection

Incident Containment