
The CCST Cybersecurity Study Guide (based on the NIST Incident Response Lifecycle) outlines four phases:
"Develop and maintain an incident response capability to ensure organizational readiness. This includes tools, training, and security controls."
"Identify potential security incidents through monitoring, alerts, and analysis. Confirm whether suspicious activity is legitimate and assess the scope of the incident."
Containment, Eradication, and Recovery –
"Limit the impact of the incident, remove the threat, and restore systems to normal operation."
"Document and review the incident to determine the root cause, evaluate response effectiveness, and implement measures to prevent recurrence."
(CCST Cybersecurity, Incident Handling, Incident Response Lifecycle section, Cisco Networking Academy)