4.2 policies, processes, and procedures for incident response Flashcards
MITRE ATT&CK framework
HOW ATTACKERS OPERATE
a knowledge base that models the tactics and techniques used by cyber adversaries. It’s designed to help organizations understand how attackers operate, what their objectives are, and how to defend against them.
The Diamond Model of Intrusion Analysis
a model that describes cyber attacks. It has four parts:
- Adversary: Where the attackers are from
- Infrastructure: The capabilities used
- Capability: The infrastructure used
- Target: The victim
Cyber Kill Chain
military concept developed by Lockheed Martin
a model that breaks down the phases of a cyberattack.
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and control
- Actions on objectives
COOP
continuity of operations planning
incident response process
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons learned