CISSP Study Plan – Day 46 of 55 | Incident Response


“No quote today — because incident response doesn’t wait for perfect timing. It demands readiness, action, and composure.” – Luke Ahmed

Today is Day 46 of Yihenew’s CISSP study plan, focusing on Incident Response (IR) — one of the most real-world, high-pressure topics in the CISSP exam and in the cybersecurity profession.


Incident response is where theory meets crisis. It’s not about preventing every incident — it’s about preparing for the inevitable, minimizing impact, and restoring confidence. A CISSP doesn’t panic when something goes wrong; they execute a structured, documented process.


Key Areas Covered in the CISSP Study Plan

  • Definition: Incident response is the structured approach for detecting, responding to, mitigating, and learning from security incidents that threaten confidentiality, integrity, or availability.

  • The 6 Phases of Incident Response (NIST SP 800-61):

    1. Preparation – Develop policies, playbooks, and tools. Train the team, test procedures.

    2. Detection & Analysis – Identify potential incidents through alerts, logs, or anomalies. Validate and classify the incident type and severity.

    3. Containment – Isolate affected systems to prevent spread while maintaining evidence integrity.

    4. Eradication – Remove the root cause (malware, vulnerabilities, compromised accounts).

    5. Recovery – Restore systems, verify functionality, monitor for recurrence.

    6. Lessons Learned – Conduct post-incident analysis to improve future responses.

  • Roles and Responsibilities:

    • Incident Response Team (IRT) – Executes technical and managerial actions.

    • Management – Provides authority and communication oversight.

    • Legal/HR/PR – Handles compliance, internal communication, and public relations.

  • Essential Documentation:

    • Incident response plan (IRP)

    • Communication matrix

    • Chain of custody forms

    • Root cause analysis reports


CISSP Exam Tie-In

CISSP exam questions will often present you with a chaotic scenario — multiple alerts, compromised systems, and panic in the air. Your task? Identify the phase or priority.

Key exam tips:

  • “Who reports the incident?” → Detection.

  • “How do you prevent spread?” → Containment.

  • “System restored and being monitored?” → Recovery.

  • “What should be updated after?” → Lessons learned / policy revision.

The correct CISSP answer is almost never the most technical one — it’s the most procedural and risk-driven one.


Quick CISSP Practice Question

Which of the following activities occurs during the containment phase of incident response?

A. Removing all malware from infected systems

B. Documenting and reviewing lessons learned

C. Isolating affected systems to prevent further damage

D. Conducting a post-incident policy review


Correct Answer: C. Isolating affected systems to prevent further damage

Explanation: Containment prevents escalation or lateral spread. Eradication and recovery happen later; lessons learned follow recovery.


Think Like a Manager: Don’t rush to “fix” the problem — stabilize it first. A CISSP controls chaos through process, not panic.


Check out Yani's TikTok or see Day 30 or Day 32.


👉 Can you take the Yani Challenge?


55 days of consistent CISSP prep, tackling one domain at a time, using only the resources below:


Course

Luke's CISSP Course (2 months access, $89.98)

One-to-one Zoom sessions with Luke Ahmed (2 weeks before exam)


Books, Notes, and Practice Questions

Sybex 10th Edition (Around $52.55)



Total Cost: approximately $250 depending on your geographic location. Yani is located in East Africa.


📚 Study Plan (55 Days of Dedication):

- Weekdays: 2–3 hours of focused study—late nights and early mornings (5 AM).

- Weekends: 5–6 hours of deep study sessions.


Pass CISSP in first attempt within 100 questions.


Yani's biggest expense was his time, commitment, consistency, and dedication! It was worth it because he passed first attempt in 100 questions using the above resources only.


If Yihenew could do it, so can you.


All the best Future CISSP. You can feel free to contact me anytime as well.


Thank you.

Luke Ahmed


 
 