Skip main navigation



During the execution phase, the blue team enacts the response plan to evict the intruder from the organization’s information systems and remediate the vulnerabilities in the security configuration that the intruder leveraged when infiltrating the network. If completed successfully, the intruder will no longer be present within the organization’s information systems and the process of performing a more detailed post-incident analysis can occur.

Join the discussion

At what point should you be ready to attempt to evict an attacker from your organization’s network? Consider discussing this question in the forum. Use the discussion section below and let us know your thoughts. Once you’re happy with your contribution, click the Mark as complete button to check the step off, then you can move to the next step.
This article is from the free online

Microsoft Future Ready: Fundamentals of Enterprise Security

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education