Reply To: OCU C)DFE D Week 05 Discussion

Kelly Crooks

The first step in the identification of an incident is receiving. In this step, the system is implemented to watch and collect information. The examiner needs to identify areas where there is little or no monitoring of the system but where visibility of the system exists. The system needs to have sensors implemented to receive and collect data on those areas and vulnerabilities. The sensors can be either electronic or human.

The second step in the identification of an incident is collection. In this step, there is a need for a centralized collection to gather and facilitate analysis of the data and information collected. The system should be designed to accept data from all of the sensors that you have in place. The collection process includes being able to accept data from not only the electronic sensors but manual and human sensors as well.

The third and final step in the process of identification of an incident is to analyze all of the data collected. You need to determine where the incident started and how to stop it. You need to stop the incident from continuing or happening again before you start to analyze the data. The analysis is automated and alerts to any problems in the data or how and where the incident started. In this process, you need the ability to analyze all the compiled data from the system and human input and be able to determine any false positives that occurred. The analysis process includes the ability to collect, manage and archive the events that took place during the incident. The last step in the analysis process is to extract the data and report the findings to the appropriate departments or individuals.

