Compromise Accounts Incident Response Playbook

By : 6clicks
This Incident Response Methodology is a cheat sheet dedicated to incident handlers investigating a precise security issue.
In stock

Details

This download includes the 6clicks Incident Response playbook for Resource Development (Compromise Accounts)

The purpose of a Cyber Security Playbook, or Security Playbook, is to provide all members of an organisation with a clear understanding of their roles and responsibilities regarding cybersecurity: before, during and after a security incident.

Resource Development consists of techniques that involve adversaries creating, purchasing, or compromising/stealing resources that can be used to support targeting. Such resources include infrastructure, accounts, or capabilities. These resources can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using purchased domains to support Command and Control, email accounts for phishing as a part of Initial Access, or stealing code signing certificates to help with Defense Evasion.

Remember: If you face an incident, follow IRM, take notes, and do not panic. Contact your CERT immediately if needed.

6 steps are defined to handle security Incidents:

  • Preparation: get ready to handle the incident
  • Identification: detect the incident
  • Containment: limit the impact of the incident
  • Remediation: remove the threat
  • Recovery: recover to a normal stage
  • Aftermath: draw up and improve the process

Getting Started

Click "Book a demo" and our team will provide you with an overview of our content library within the 6clicks GRC platform.

More Information

More Information
Jurisdiction All
Type Playbook