The Lumu Malware Incident Response Playbook is based on the Computer Security Incident Handling Guide published by the National Institute of Standards and Technology (NIST). This playbook should be treated as a guideline and adapted to the specific requirements of each organization.
According to NIST Special Publication 800-61, the incident response life cycle has four main phases, described below.
Preparation
This initial phase is where organizations plan the measures, tooling and procedures needed to respond effectively once an incident is discovered.
Detection & Analysis
Organizations should work to detect and validate incidents as quickly as possible. Early detection limits the number of infected systems and makes the next phase easier.
Containment, Eradication & Recovery
This phase has two key goals: stopping the spread of the threat and preventing further damage inside the network. Organizations should define strategies and procedures appropriate to the level of risk of the detected compromise.
Post-Incident Activity
This final phase is designed to capture the lessons learned from the incident so the organization is better prepared for the next one.