NAS2002 Respond Tasks List
#Winter24/NAS2002/respond
Incident Management
1. implement an incident response plan when an event is detected
2. conduct initial assessment and triage of detected incidents to determine impact
and severity
3. escalate incident according to procedures defined in the IRP
4. determine whether to initiate recovery procedures based on incident's nature and
scope
Incident Analysis
1. analyse incidents to identify root cause and method of attack
2. document actions taken during incident investigation and ensure the integrity of
these records
3. gather data and metadata related to the incident for analysis and evidence
4. assess and validate the magnitude of the incident in terms of affected assets and
overall impact
Incident Reporting
1. inform internal and external stakeholders as per notification protocols
2. disseminate detailed information to relevant parties
Incident Mitigation
1. implement measures to contain and limit the spread of the incident
2. remove the threat from the environment and restore affected systems
tools - network segmentation tools, endpoint protection platforms,
malware removal tools, system restoration software
Additional Tasks
1. continuously update IRP based on lessons learned and evolving threats
2. review and analyse handling of incidents to improve future response efforts