1.2: Security Incident Management Flashcards

1
Q

What is a security incident?

A

Any event that represents a violation of an organization's security policy.

2
Q

Types of Security Incidents

A
  • Computer account abuse - sharing of user account credentials
  • Computer or network trespass - an unauthorized person accesses a computer or network
  • Interception of information - eavesdropping on communications
  • Malware
  • Denial of Service (DoS) attack
  • Distributed Denial of Service (DDoS) attack
  • Equipment theft
  • Disclosure of sensitive information
3
Q

Is a vulnerability that is discovered a security incident?

A

No, it’s not a security incident, but it may prompt a response that is similar to an actual incident.

4
Q

What should an effective response to an incident be?

A

Documented and rehearsed

5
Q

The phases of incident response

A
  • Planning - development of written response procedures that are followed when an incident occurs.
  • Detection - when the organization becomes aware of an active or past incident.
  • Initiation - response to the incident begins.
  • Evaluation - the response team analyzes available data in order to understand the cause, scope, and impact of the incident.
  • Eradication - steps to remove the source of the incident.
  • Recovery - bringing systems back to their pre-incident state.
  • Remediation - changes that will reduce or eliminate the chance of similar incidents occurring.
  • Closure - after eradication, recovery, and remediation are completed.
  • Post-incident Review - lessons learned.
6
Q

What is incident response testing?

A

Incident response testing helps to improve the quality of incident response plans, which helps the organization respond better when an incident occurs.

7
Q

Types of activities carried out during incident response testing

A
  • Document review
  • Walkthrough
  • Simulation

These tests should be performed once a year.

8
Q

How is incident prevention primarily accomplished?

A

Through knowledge of vulnerabilities and actions to remove them.

9
Q

Important elements in the prevention of security incidents

A
  • Vulnerability and threat monitoring
  • Situational awareness
  • Threat hunting
  • Vulnerability management - tools and techniques to detect vulnerabilities in network devices, servers, etc.
  • Advanced anti-malware - at the network boundaries, servers, endpoints, and mobile devices.
  • System hardening - configure only essential services on a system.
  • Intrusion detection - gives early warning of network- or computer-based attacks.
  • Intrusion prevention - like IDS, but can actively block activities that resemble attacks.
10
Q

When is a forensic investigation required?

A

When a security incident has occurred and it is necessary to gather evidence to determine the facts.
