Containment

Monitoring & Detection

Eradication

Post-Incident Review

Rebooting all systems immediately

Blocking malicious IP addresses

Isolating infected machines & user accounts

Changing passwords of compromised accounts

Reboot all systems

Inform clients that a breach has occurred

Remove the malware

Remove all security threats & backdoors

NSOC

HR

Marketing

HOO

Patch vulnerabilities

Monitor for re-infection

Perform a post-incident review

All of the above

Monitors server temperatures

Detects malware and removes it

Automates incident alerting & tracking

Encrypts sensitive files for security

If a minor server restart fails

If customer data is exposed

If IT staff accidentally deletes a non-critical file

If an employee loses their access badge