Incident Response Steps: NIST and SANS Framework — Cybersecurity Mind Map
5. Incident Response Steps: NIST and SANS Framework
Structured incident response minimises damage when a breach occurs. This mind map compares the NIST and SANS PICERL frameworks step by step.
Topics Covered
- NIST SP 800-61 incident response lifecycle
- SANS PICERL: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
- Preparation: IR plan, playbooks, team roles
- Detection and analysis: alert triage, severity classification
- Containment: network isolation, account lockdown
- Eradication: malware removal, root cause fix
- Recovery: system restoration and validation
- Post-incident review and improvement
