Group Policy Modification Incident Response Playbook

By : 6clicks
This Incident Response Methodology is a cheat sheet dedicated to incident handlers investigating a precise security issue.
In stock

Details

This download includes the 6clicks Incident Response playbook for Group Policy Modification

The purpose of a Cyber Security Playbook, or Security Playbook, is to provide all members of an organisation with a clear understanding of their roles and responsibilities regarding cybersecurity – before, during and after a security incident.

Adversaries may modify the configuration settings of a domain to evade defenses and/or escalate privileges in domain environments. Domains provide a centralized means of managing how computer resources (ex: computers, user accounts) can act, and interact with each other, on a network.

The policy of the domain also includes configuration settings that may apply between domains in a multi-domain/forest environment. Modifications to domain settings may include altering domain Group Policy Objects (GPOs) or changing trust settings for domains, including federation trusts.

Remember: If you face an incident, follow IRM, take notes, and do not panic. Contact your CERT immediately if needed.

6 steps are defined to handle security Incidents:

  • Preparation: get ready to handle the incident
  • Identification: detect the incident
  • Containment: limit the impact of the incident
  • Remediation: remove the threat
  • Recovery: recover to a normal stage
  • Aftermath: draw up and improve the process

Getting Started

Click "Book a demo" and our team will provide you with an overview of our content library within the 6clicks GRC platform.

Resources

Cyber Incident Response Guide

More Information

More Information
Jurisdiction All
Type Playbook