Skip main navigation



During the execution phase, the blue team enacts the response plan to evict the intruder from the organization’s information systems and remediate the vulnerabilities in the security configuration that the intruder leveraged when infiltrating the network. If completed successfully, the intruder will no longer be present within the organization’s information systems and the process of performing a more detailed post-incident analysis can occur.

Join the discussion

At what point should you be ready to attempt to evict an attacker from your organization’s network? Consider discussing this question in the forum. Use the discussion section below and let us know your thoughts. Once you’re happy with your contribution, click the Mark as complete button to check the step off, then you can move to the next step.
This article is from the free online

Microsoft Future Ready: Fundamentals of Enterprise Security

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now