The Lumu General Incident Response Playbook is based on the Computer Security
Incident Handling Guide by the National Institute of Standards and Technology (NIST). This playbook should be considered a guideline and needs to be adapted according to the specific requirements of each organization.
According to NIST special publication 800-61, the incident response life cycle has four main phases, as described below.
Detection & Analysis
Containment, Eradication & Recovery
This phase has two key goals, stop the spread of the threat and prevent more damage inside the network. Organizations should have strategies and procedures according to the level of risk of the detected compromise.