Incident Response Procedures
Plans must be:
The process of developing and maintaining an appropriate plan for the defined scope of incident management and response should include:
Concepts
Incident response is the last step in an incident handling process.
Responsibilities and efficiently.
Incident response goals include:
The ISM must define what constitutes a security-related incident: (by Scenario)
Senior Management Commitment
Incident Management Resources
Policies and Standards
Incident Response Technology Concepts
IRT members must understand the impact to organizational system, including:
Personnel
Team organizational types: (ORG styles)
Awareness and Education
Detailed Plan of Action for Incident Management
Developing an Incident Response Plan
1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons learned
Gap Analysis - Basis for an Incident Response Plan
Business Impact Assessment
Incident Management and Response Teams
Recovery Site
Basis for Recovery Site Selections
Reciprocal Agreements
Impact Analysis with Incident Response
High-Availability Considerations
==============================================================
Practice Question 4-2
Practice Question 4-3
Practice Question 4-4
Practice Question 4-5
Practice Question 4-6
Practice Question 4-7
Practice Question 4-8
Practice Question 4-9
Practice Question 4-10

What is the most important step of incident handling?
Detection (identification)
One of the most important steps in the incident response process is the detection phase. Detection, also called identification, is the phase in which events are analyzed in order to determine whether these events might comprise a security incident.

What are 3 basic elements in an incident?
The Three Elements of Incident Response: Plan, Team, and Tools.

What are the main components of incident handling?
Key Elements of Incident Response Management: Respond to threats. Triage incidents to determine severity. Mitigate a threat to prevent further damage. Eradicate the threat by eliminating the root cause. Restoring production systems. Post-mortem and action items to prevent future attacks.

What is the correct order of incident handling?
The NIST incident response lifecycle breaks incident response down into four main phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Event Activity.