(The network environment is becoming more and more cluttered, and the technical level and tricks of network attacks are constantly increasing and improving, even surpassing the level of security prevention technology in the same period; coupled with the people involved in security prevention work, there is often a situation where there are hundreds of secrets. Therefore, even if we formulate the most suitable security prevention strategy and use the most advanced security technologies and products, we still cannot ensure the certain security of the objects to be maintained. This also shows that security matters may still appear. As the saying goes, don’t be afraid of 10,000, just be afraid of what if, if a security incident really occurs, how should we deal with it? Facts have proved that formulating an effective network security incident response plan in advance (referred to as the incident response plan in the subsequent description of this article) can help you and your security management team accurately identify the type of incident after presenting the actual security incident, and timely. Maintain the log and other supporting documents, find out the reason for the attack, and put the system into normal operation after proper correction. Sometimes, it is even possible to find a detailed attacker by analyzing the retained log files for clues of any relevant attacks in them, and to engage him or her in accordance with the law.)
收藏
