Group Policy Modification Incident Response Playbook

By : 6clicks
This Incident Response Methodology is a cheat sheet dedicated to incident handlers investigating a precise security issue.
In stock

Details

This download includes the 6clicks Incident Response playbook for Group Policy Modification

The purpose of a Cyber Security Playbook, or Security Playbook, is to provide all members of an organisation with a clear understanding of their roles and responsibilities regarding cybersecurity – before, during and after a security incident.

Adversaries may modify the configuration settings of a domain to evade defenses and/or escalate privileges in domain environments. Domains provide a centralized means of managing how computer resources (ex: computers, user accounts) can act, and interact with each other, on a network.

The policy of the domain also includes configuration settings that may apply between domains in a multi-domain/forest environment. Modifications to domain settings may include altering domain Group Policy Objects (GPOs) or changing trust settings for domains, including federation trusts.

Remember: If you face an incident, follow IRM, take notes, and do not panic. Contact your CERT immediately if needed.

6 steps are defined to handle security Incidents:

  • Preparation: get ready to handle the incident
  • Identification: detect the incident
  • Containment: limit the impact of the incident
  • Remediation: remove the threat
  • Recovery: recover to a normal stage
  • Aftermath: draw up and improve the process

Getting Started

Click "Book a demo" and our team will provide you with an overview of our content library within the 6clicks GRC platform.

More Information

More Information
Jurisdiction All
Type Playbook