Incident response planning
In previous chapters of this book, we saw that planning is essential and that prevention is a must to stop incidents from occurring. In this section, we will see what happens when we need to respond to incidents and recover from them.
An incident response plan matters because, without one, the teams working on any project will find themselves in a very difficult position when responding to incidents. For example, a team was building a web application and had already launched it online. One night, a serious Distributed Denial-of-Service (DDoS) attack coincided with a network intrusion, and the team had no idea how to respond to that attack. The developers did everything they could to stop the attack but lost important data that was on the server at the time. This is where Blue Teams come in. The Blue Team member who is assigned this case should follow the procedure in place and document any action...