9.1: Description and Objectives
Description
Students learn about Incident Response (IR) strategies, including prevention and containment. They also learn how to create an Incident Response Plan.
Objectives
- List some common types of incidents that may occur in SCADA/ICS systems.
- Identify the phases of an Incident Response (IR), as described in the NIST SP 800-61.
- Define incident containment and describe how it is applied to an incident.
- Discuss the IR reaction strategies unique to each category of incident.
- Explain the components of an Incident Response Plan.
- Identify the 14 response core capabilities covered in the National Response Framework.