USD ($)
$
United States Dollar
Euro Member Countries
India Rupee
د.إ
United Arab Emirates dirham
ر.س
Saudi Arabia Riyal
Your cart is empty
Empty notifications
Login Register

Containment Strategies

Lesson 21/30 | Study Time: 15 Min
Course: ISO 27035 Incident Management Fundamental Course Online

Containment strategies are critical actions taken during the incident response process to limit the scope and impact of a security incident.

The primary goal of containment is to prevent the incident from spreading, minimize damage, preserve evidence for investigation, and maintain operational continuity as much as possible.

Proper containment is a balance between swift action and careful planning, as aggressive containment may disrupt essential business functions or compromise forensic data.

ISO/IEC 27035 highlights the importance of tailored containment measures that fit the unique context and risks of each incident.

Short-Term Containment

Short-term containment focuses on immediate tactics to halt the spread of the incident and mitigate urgent risks. Examples include:


1. Isolating affected systems by disconnecting them from the network or disabling compromised accounts to prevent lateral movement and further exploitation.

2. Blocking malicious IP addresses or network ports using firewalls or intrusion prevention systems (IPS).

3. Applying temporary security controls, such as network segmentation or access restrictions, to contain affected zones.


The objective is to implement these measures quickly to stabilize the situation and buy time for a more thorough response.

Long-Term Containment

Long-term containment involves more comprehensive and sustainable actions that allow business operations to continue while preventing recurrence of the incident. Measures may include:


1. Deploying permanent firewall rules and security patches to address vulnerabilities exploited in the attack.

2. Reconfiguring user permissions and access controls to align with the principle of least privilege.

3. Strengthening monitoring systems with enhanced detection rules based on indicators of compromise identified during the incident.

4. Conducting employee training targeted at behaviors that contributed to the incident.


Long-term containment requires coordination between security, IT, and business teams to balance security improvements with operational needs.



Previous Lesson Next Lesson
Scott Hamilton

Scott Hamilton

Product Designer
Profile

Class Sessions

1- Overview of Information Security Incidents 2- Importance of Incident Management 3- ISO/IEC 27035 Standard Structure and Purpose 4- Key Terminology: Events, Incidents, Vulnerabilities, Threats 5- Relationship with Other Standards (ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27005, ISO/IEC 22301) 6- Incident Management Life Cycle 7- Principles of Incident Management 8- Incident Management Roles and Responsibilities 9- Coordination and Communication in Incident Management 10- Legal and Regulatory Considerations in Incident Management 11- Developing an Incident Management Policy and Procedures 12- Establishing an Incident Response Team 13- Training, Awareness, and Roles Assignment 14- Tools and Technologies for Incident Detection and Response 15- Incident Escalation and Communication Plans 16- Methods of Incident Detection 17- Monitoring and Alerting Systems 18- Incident Classification and Categorization 19- Incident Impact Assessment 20- Documentation and Reporting of Incidents 21- Containment Strategies 22- Eradication of Threats 23- Recovery Methods to Restore Services and Systems 24- Communication During Incident Response 25- Coordination with Internal and External Stakeholders 26- Incident Documentation and Lessons Learned 27- Post-Incident Review and Root Cause Analysis 28- Updating Policies, Procedures, and Controls 29- Metrics and Reporting for Incident Management Performance 30- Building Organizational Resilience

Sales Campaign

Sales Campaign

We have a sales campaign on our promoted courses and products. You can purchase 1 products at a discounted price up to 15% discount.

View Courses