4.2 Importance of policies, processes, and procedures for incident response Flashcards
What do you call a set of intended actions, usually mutually related, through which one expects to achieve a goal? High-level and light on the details.
Plan
What do you call a series of related tasks or methods that together turn inputs into outputs? Ordered task list or flow chart.
Process
What do you call a prescribed way of undertaking a process or part of a process? A particular method for performing a task.
Procedure
What phase of incident response is where incident response plans are written and configurations documented?
Phase 1: Preparation
What phase of incident response determines whether or not an organization has been breached? (Is it really an incident?)
Phase 2: Identification
What phase of incident response focuses on limiting damage (scope) of the incident?
Phase 3: Containment
What phase of incident response is where affected systems are identified, isolated or shut down, and rebuilt?
Phase 4: Eradication
What phase of incident response is where the root cause is addressed, the time needed to return to normal operations is estimated, and the return is carried out?
Phase 5: Recovery
What phase of incident response helps prevent recurrence and improves the incident response process?
Phase 6: Lessons Learned
What type of incident response exercise has one distribute copies of incident response plans to the members of the incident response team for review? Team members then provide feedback about any updates needed to keep the plan current.
Tabletop Exercise
What type of incident response exercise has the team members of the incident response team gather and role-play an incident scenario? Can ensure needed tools and resources are available and team members are familiar with their roles.
Walkthrough
What type of incident response exercise is similar to a structured walkthrough, except that some of the response measures are actually tested (on non-critical functions)? Involves some form of doing.
Simulation
What is a freely available online framework, developed by a US government-funded not-for-profit organization and usable by commercial organizations, whose aim is to help prevent cyber-attacks? Provides a knowledge base of adversaries and the tactics and techniques they use, based on real-world observations.
MITRE ATT&CK Framework
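ATT&CK is published as machine-readable STIX 2.x JSON (attack-pattern objects for techniques, intrusion-set objects for adversary groups, and "uses" relationships linking them), so the "information about adversaries and their attack methods" on the card can be queried rather than read. The following is an added example, not part of the original flashcards and not MITRE's own tooling. It parses a constructed bundle in ATT&CK's layout: the technique IDs T1595, T1589 and T1566 are real ATT&CK entries, but the group "Example Group", the UUIDs, the T9999 placeholder and the relationships are made up for illustration. It also shows a check a practitioner wants: ATT&CK keeps revoked and deprecated objects in its bundle, and they must be filtered out.

```python
import json

# Constructed sample bundle in the STIX 2.x layout MITRE ATT&CK publishes.
# T1595/T1589/T1566 are real ATT&CK technique IDs; the group, the UUIDs,
# "T9999" and every relationship below are made up for this example.
SAMPLE_BUNDLE_JSON = """
{"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
 "objects": [
  {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000001",
   "name": "Active Scanning",
   "external_references": [{"source_name": "mitre-attack", "external_id": "T1595"}],
   "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "reconnaissance"}]},
  {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000002",
   "name": "Gather Victim Identity Information",
   "external_references": [{"source_name": "mitre-attack", "external_id": "T1589"}],
   "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "reconnaissance"}]},
  {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000003",
   "name": "Phishing",
   "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}],
   "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}]},
  {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000004",
   "name": "Placeholder Revoked Technique", "revoked": true,
   "external_references": [{"source_name": "mitre-attack", "external_id": "T9999"}],
   "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
  {"type": "intrusion-set", "id": "intrusion-set--00000000-0000-4000-8000-000000000010",
   "name": "Example Group", "aliases": ["Example Group", "EXAMPLE-1"]},
  {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-000000000020",
   "relationship_type": "uses",
   "source_ref": "intrusion-set--00000000-0000-4000-8000-000000000010",
   "target_ref": "attack-pattern--00000000-0000-4000-8000-000000000001"},
  {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-000000000021",
   "relationship_type": "uses",
   "source_ref": "intrusion-set--00000000-0000-4000-8000-000000000010",
   "target_ref": "attack-pattern--00000000-0000-4000-8000-000000000003"},
  {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-000000000022",
   "relationship_type": "uses",
   "source_ref": "intrusion-set--00000000-0000-4000-8000-000000000010",
   "target_ref": "attack-pattern--00000000-0000-4000-8000-000000000004"}
 ]}
"""


def load_bundle(text):
    """Index every STIX object in the bundle by its id."""
    return {obj["id"]: obj for obj in json.loads(text)["objects"]}


def attack_id(obj):
    """Return the ATT&CK external id (e.g. T1566) of an object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def is_active(obj):
    """ATT&CK leaves revoked/deprecated objects in the bundle; skip them."""
    return not obj.get("revoked", False) and not obj.get("x_mitre_deprecated", False)


def find_group(objects, name):
    """Look up an intrusion-set by its primary name or one of its aliases."""
    for obj in objects.values():
        if obj["type"] == "intrusion-set" and (
            obj.get("name") == name or name in obj.get("aliases", [])):
            return obj
    return None


def techniques_used_by(objects, group_name):
    """Active techniques linked to a group by 'uses' relationships, with their tactics."""
    group = find_group(objects, group_name)
    if group is None:
        return []
    result = []
    for obj in objects.values():
        if obj["type"] != "relationship" or obj.get("relationship_type") != "uses":
            continue
        if obj["source_ref"] != group["id"]:
            continue
        tech = objects.get(obj["target_ref"])
        if tech is None or tech["type"] != "attack-pattern" or not is_active(tech):
            continue
        tactics = [p["phase_name"] for p in tech.get("kill_chain_phases", [])
                   if p.get("kill_chain_name") == "mitre-attack"]
        result.append((attack_id(tech), tech["name"], tactics))
    return sorted(result)


def techniques_by_tactic(objects):
    """Map each ATT&CK tactic (kill_chain_phases) to the active technique ids in it."""
    by_tactic = {}
    for obj in objects.values():
        if obj["type"] != "attack-pattern" or not is_active(obj):
            continue
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") == "mitre-attack":
                by_tactic.setdefault(phase["phase_name"], []).append(attack_id(obj))
    return {tactic: sorted(ids) for tactic, ids in by_tactic.items()}


OBJECTS = load_bundle(SAMPLE_BUNDLE_JSON)

if __name__ == "__main__":
    for tid, name, tactics in techniques_used_by(OBJECTS, "EXAMPLE-1"):
        print(tid, name, ",".join(tactics))
    print(techniques_by_tactic(OBJECTS))
```

The same functions work unchanged on the real enterprise-attack bundle MITRE distributes, which is why the revoked/deprecated filter matters: without it, a group's technique list and any coverage tally built from it would include entries ATT&CK has retired.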
What attack framework traces the stages of a cyberattack from early reconnaissance to the exfiltration of data?
Lockheed Martin Cyber Kill Chain
What step of the Lockheed Martin Cyber Kill Chain deals with harvesting email addresses, company information, and similar details about the target?
Step 1. Reconnaissance
In what step of the Lockheed Martin Cyber Kill Chain does the actor create malware tailored to the vulnerabilities of the remote target?
Step 2. Weaponization