Explanation & Hint:
- Preparation: This phase involves establishing and training the incident response team, creating incident response policies and procedures, and setting up communication plans. The description “Conduct training on incident response” matches this phase.
- Detection and Analysis: This phase is about monitoring for, detecting, and analyzing potential security incidents. The description “Identify, analyze, and validate incidents” matches this phase.
- Containment, Eradication, and Recovery: Once an incident is confirmed, the next steps are to contain the threat, eradicate it from the system, and recover any affected systems to a secure state. The description “Implement procedures to eradicate the impact to organizational assets” matches this phase.
- Post-Incident Activities: After an incident has been dealt with, the organization should review what happened, document the lessons learned, and update the incident response plan accordingly. The description “Document how incidents are handled” matches this phase.
|