18
Marty Gillespie (mgg@dnaco.net)
Identification
III
•Determine if
the event is an incident
–Not all events are
incidents, but all incidents start as events
–Look for the obvious
first:
•Configuration
problems
•Service outages ( bad
cables, down Telco circuits, power, etc.)
•Hardware problems
–Continually reassess
evidence as it presents itself