Part IV. Intrusions and Incident Response

It is inevitable that a network falls to intrusion or malicious use of network resources. This part discusses some proactive measures an administrator can take to prevent security breaches, such as forming an emergency response team capable of quickly and effectively responding to security issues. This part also details the steps an administrator can take to collect and analyze evidence of a security breach after the fact.