Can you specify detection rules? Like do you want more technical information on how to build one or a less technical way of how one is designed?

You're very welcome! I greatly appreciate the feedback. I've been debating leaving out the background music, but I think it sounds nice.

Hello! So an incident can happen for many reasons, and it doesn't have to mean a breach. A breach is a type of incident.

@@cybergraymatter understood. Thank you!

Thanks for your comment, David! The SANS has more steps than the NIST, and they basically say the same thing. I was wanted to elaborate on the cycle with more steps to create addutional explanation. They both have different value depending on the organization. NIST is for government use, and there could be a full containment, eradication, and recovery team. Another organization may have to outsource their recovery, so it fits better in its own step all together.

Thanks for the input! I agree that it's silly that they essentially say the same thing, yet they are both treated as different standards. In fact, there's even ISO and ISACA to add to the list. It would have been easier to choose one, but I just wanted viewers to know the difference, as this may come up on a certification exam or asked in an interview. I tried to make the focus on the content of the steps vs the fact that they are arranged differently. As for what standard we should use, it really comes down to what an organization chooses. You may have a specific team to contain the incident and another that's primary function is to recover from it, so SANS might fit better in the IR plan layout when identifying who is in charge of what.

@@cybergraymatter thank you very much for the knowledge. it takes a real one to share knowledge like you did.

cool bruh

Thanks for your comment, Munish. I will try and slow down for the next video. In the meantime, you can slow the video down to .75x speed in the video settings. Hope this helps!