Security+ Domain 5.0: Risk Management: Chapter 23

Chapter 23: Incident Response, Disaster Recovery and Continuity of Operations (Business Continuity)

Incident Response Plan

Documented incident types

Roles and responsibilities

Reporting

Escalation

Cyber-incident response teams

Incident Response Process

      1. Preparation
      2. Identification
      3. Containment
      4. Eradication
      5. Recovery
      6. Lessons Learned (Postmortem)

The SY0-601 revision of the Security+ certification adds knowledge of SOAR (Security Orchestration, Automation, and Response), particularly the concepts of Runbooks and Playbooks. See this discussion:
https://enterprisersproject.com/article/2020/10/what-is-soar-security-orchestration-automation-and-response

And this article covers some of the differences between runbooks and playbooks:
How to Create Runbooks: A Small Business Guide
https://www.fool.com/the-blueprint/runbook/

Disaster Recovery (when the meteor wipes your business off the Earth)

Recovery Sites

Hot

Warm

Cold

Order of Restoration

Backups

Copy

Full

Differential

Incremental

Geographic Considerations

Off-site backup requirements

Distance

Location

Legal

Data Sovereignty

Business Continuity

Tabletop exercises

After-action reports

Failover

Alternative processing sites

Alternative business practices