(1) Efficiency ideas in Incident Response Processes Flashcards

1
Q

What are three normal parts of the incident response process outside of automated solutions?

A

Three normal parts of the incident response process include:

- Doing recon on the source of the attack, including geolocation and IP address info

- Adding additional log information for the system that is targeted based on the security information and event management (SIEM) query

- Starting a vulnerability scan of the system in question to help figure out if the attack has a large chance of success

2
Q

Are there possibilities to bring automation to the incident response process? If so, what are they?

A

Automation in incident response is a huge opportunity but is a work in progress, because this is normally the most human-centric (manual) part of the cybersecurity system.

3
Q

How can information security teams begin to implement incident response data into an automated process flow?

A

Teams looking to automate incident response should review all of the routine processes that first responders have and figure out whether any information-gathering requirements can be automated.

4
Q

Can incident response playbooks be fully automated? Will there ever be a time when some human intervention will be totally unnecessary?

A

Yes they can. There will always be situations where humans need to be involved, but many parts of the incident response process (blocking access to resources for individual users, quarantining suspect systems, activating incident escalation processes, etc.)

5
Q

What is the future of cybersecurity analytics going to involve? Describe it.

A

The future of cybersecurity analytics is going to involve machine learning, meaning processes designed to automatically get knowledge from large groups of information created by security systems.
