Simulate - Security Pillar


Recover from the incident: After teams have implemented best practices, they can now focus on ensuring the complete removal of the compromise. They can do this by restoring files or pieces of data that were compromised during the incident from backups or previous versions. Also, they must ensure that all suspicious activity has ceased and continue to monitor to ensure a stable state.

Post-incident debrief: This session allows teams to share learnings and increase the overall effectiveness of the organization’s incident response plan. Here the teams should review handling of the incident in detail, document lessons learned, update runbooks based on learnings, and determine if new risk assessments are required.