Question

Lab Exercise 1:

The following are the phases in Incident Handling and Response:

  1. Preparation
  2. Detection
  3. Containment
  4. Eradication
  5. Recovery
  6. Follow-up

You have to complete the following tasks:

TASK 1: Briefly explain each of the phases in your own words.

TASK 2: Categorize the following example with respect to each phase.

Practical example

You have an eCommerce Site:

A client reported a server performance issue. Tech Support found that the load on the site was too high and was not normal. The Web Developer examined the website's code and identified foreign code on the server. The Web Developer then referred the issue to the Information Security team. The Information Security team began collecting data. They then contacted an external Incident Response team.

The Incident Response team examined the server and recommended blocking some specific external IP addresses immediately. The team then examined the server population, collected all the evidence very carefully, and provided a written report of the incident. The team then recommended removing the foreign code from the web server. Removing the foreign code from the web server helped return the system to its normal performance. The team also recommended policy and procedure changes in order to avoid this incident in the future.

| Phase       | Scenario Description |
|-------------|----------------------|
| Preparation |                      |
| Detection   |                      |
| Containment |                      |
| Eradication |                      |
| Recovery    |                      |
| Follow-up   |                      |
