4.2 Policies, Procedures & Processes

Question 1

Define incident response plan (5)

Answer 1

1. Document and information prepared in advance so that everyone knows what do
2. Contact info for necessary responders
3. Hardware & software needed for the response
4. Analysis resources, such as network diagrams
5. Policies with the process that will be followed

Question 2

Tabletop exercises

Answer 2

Incident preparedness exercise where everyone is gathered to discuss the process of a simulated security incident

Question 3

Walk-through exercise

Answer 3

Expansion of a tabletop exercise where the actual hardware and software used in the response is verified

Question 4

Simulation exercise

Answer 4

An actual live test of a security incident, such as sending phishing emails to see how many users provide their credentials

Question 5

Stakeholder management

Answer 5

All stakeholders should be involved incident planning and incident exercises

Question 6

List 3 major attack frameworks and their use

Answer 6

1. MITRE ATT&CK - pre-attack information gathering
2. Diamond Model of Intrusion Analysis - used during an attack
3. Cyber Kill Chain - attack model

Question 7

MITRE ATT&CK

Answer 7

Information database generated from previous attacks to become familiar with how to recognize attacks and what they are trying to do

Question 8

Diamond Model of Intrusion Analysis (CAVI) (2)

Answer 8

1. Government developed model to help understand attacks
2. Four corners - capability, adversary, victim, infrastructure

Question 9

Cyber Kill Chain (RWA) (2)

Answer 9

1. Military developed model applied to cybersecurity
2. 3 Stages - reconnaissance, weaponization, and action

Question 10

Incident response stages (PRICE + L) (6)

Answer 10

Preparation, recovery, Identification, containment, eradication, lessons learned