CISSP - Security Operations - Section 7.6
Conduct incident management including detection, response, mitigation, reporting, recovery, remediation, and lessons learned.
Conduct incident management across all phases - detection, containment, eradication, recovery, and lessons learned - following a structured incident response plan. Apply the lessons learned output to update controls, response procedures, and detection rules so that the same incident type cannot recur undetected.
incident responsedetectioncontainmenteradicationlessons learned
More in this domain
Back to all Security Operations objectives, or the CISSP cert hub.
Examworthy is not affiliated with or endorsed by (ISC)2. Original, blueprint-aligned practice material only.