Incident Response

  1. What are the four phases of the incident response lifecycle defined by NIST?
     1. Preparation
     2. Identification/Detection and Analysis
     3. Containment, Eradication, and Recovery
     4. Post-incident Activity
  1. What is CSIRT?

It is the first point of contact for the notification of security incidents. It is made up of a team, who are the people tasked with managing

  1. True or false? It is important to publish all security alerts to all members of staff.

False.

Such information should be made available to the experts who are able to handle it at that level of security awareness.

  1. What role does out-of-band messaging play in incident response?

It provides a safe and secure channel through which incident responders can communicate without causing alarm or alerting the attacker.

  1. What is an incident response playbook?

It is an operating procedure formulated to give guidance to incident responders as they move from one phase to the next phase of incident response when handling defined intrusion scenarios.

  1. True or false? The “first responder” is whoever first reports an incident to the CSIRT.

The first responder cannot be just any person who first reports an incident. Rather, he must be a member of the CSIRT.

  1. What type of actions are appropriate to the containment phase of incident response?

The first action should be to protect the unaffected system from the malware or intrusion through various actions such as stopping the entire system. Additionally, the affected system may be quarantined to protect the other parts of the network. The next step should be to carry out an assessment to determine if a data breach has occurred. The requirements for escalation as well as notification have to be assessed during this step.

 
