4.4 Post-Incident Mitigation Flashcards
Actions for endpoint mitigation post-incident
Application whitelists/blacklists (allow/deny lists), quarantine of unrecognized apps
Isolation relative to post-incident mitigation
Systems can be isolated from the network during remediation of a breach or compromise
Define containment relative to mitigation strategy
Containment runs each application in its own sandbox to limit pivoting if the application is compromised
Define segmentation as a mitigation strategy
Segmentation creates protected network segments for sensitive devices so that, if the internal network is breached, the sensitive devices remain protected
Define Security Orchestration, Automation, and Response (SOAR)
A centralized tool allowing the automation of admin tasks, such as disabling a user account
Define runbook
A script or description of the steps for a specific task
Define playbook
The combination of runbooks into a larger task