Chapter 11
Incident Detection and Response
About This Chapter
As discussed in Chapter 10, "Organizational Security," a computer security incident is an actual, suspected, or attempted compromise of any information technology system. Any activity that threatens a computer system or violates a security policy can lead to an incident. An intrusion, which is any compromise of your organization's confidentiality, integrity, and availability (C-I-A) triad, is one type of incident. In this chapter you learn how to identify and respond to computer security incidents.
Before You Begin
You should read and understand the topics covered in the following chapters before reading this chapter: Chapter 1, "General Networking and Security Concepts," Chapter 2, "TCP/IP Basics," Chapter 4, "Network Infrastructure Security," Chapter 6, "Application Security," Chapter 8, "Security Baselines," and Chapter 10.