LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is the purpose of the Remediation step, and what does it cover?

Remediation ensures the same incident or attack cannot happen again, by strengthening controls and identifying Indicators of Attack and of Compromise.

This phase makes the organisation more resilient against a repeat. It has two parts. Strengthening security measures: deploy new controls or update existing ones — e.g. adjusting configurations, applying patches, or tuning firewall/IDS/IPS rules. Identifying Indicators of Attack (IOAs) and Compromise (IOCs): so the next attack of this kind is spotted early and counter-measures can be prepared. Typical IOAs include unusual outbound traffic to unexpected IPs or domains, abnormal DNS query patterns, unusually high HTTP requests/responses, DDoS traffic, and new (Windows) registry entries.

Tip: IOA = signs of an attack in progress (behaviour); IOC = forensic evidence that a compromise already happened (artefacts).

Go deeper:

From Quiz: ISM / Security Incident Management | Updated: Jul 05, 2026