404 On The Floor

My personal website where I blog, take notes, and do writeups on cybersecurity and digital privacy.

Here’s the class for this note, the source, and the IBM Data Breach Calculator for fun. This note is in lowercase, as it’s taken directly from my actual school-notes vault in Obsidian!

Similar to the Vulnerability Management Lifecycle, this process has three general phases: prepare, respond, follow-up.

phase 1: preparation

This phase is essentially the e-discovery [1] process.

  1. consider a criticality assessment for your org
  2. cyber security threat analysis with realistic scenarios and rehearsals
  3. consider the implications of people, process, technology, & information
  4. create a control framework
  5. review your state of readiness

phase 2: detection and analysis

  1. identify the security incident
  2. define objectives and investigate

phase 3: containment, eradication, and recovery

  1. take appropriate action
  2. recover systems, data, and connectivity

phase 4: post-incident activity

  1. investigate incident thoroughly
  2. report incident to relevant stakeholders
  3. post-incident review
  4. communicate & build on lessons learned
    • conduct root cause analysis and complete an LLR (lessons learned report) or an AAR (after-action report)
  5. update key information, controls, & processes
  6. perform trend analysis

[1] e-discovery: data inventory, classification, & management
    • understand current tech status and how to control data retention & backup

published: Oct 23, 2025
updated: Nov 4, 2025
Tagged: #infosec, #im