Chapter 2

Question 1

Define Breach

Answer 1

The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence

Question 2

Define Event

Answer 2

Any observable occurrence in a network or system.

Question 3

What is an incident

Answer 3

An event that actually or potentially jeopardizes the CIA of a system or it’s data

Question 4

Define Intrusion

Answer 4

A security event, or combination of events, that constitutes a deliberate security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorization.

Question 5

Define a Theat

Answer 5

Any circumstance or event with the potential to adversely impact organizational operations

Question 6

What is the primary goal of incident management

Answer 6

To be prepared

Question 7

What is an adverse event

Answer 7

Events with negative consequences. Includes system crashes, malicious code execution

Question 8

How does an event become an incident

Answer 8

Most events are harmless, but an event that has potential to cause harm or disupt business mission, it is then classified as an incident

Question 9

What is an incident response plan

Answer 9

A document that contains predetermined instructions or procedures to detect, respond, and limit consequences of an incident

Question 10

What are the 4 steps to an incident response

Answer 10

Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Post-Incident Activity

Question 11

What characterizes the containment step within an incident response

Answer 11

Gather evidence.
Choose an appropriate containment strategy.
Identify the attacker.
Isolate the attack.

Question 12

What characterizes the Detection and Analysis

Answer 12

Monitor all possible attack vectors.
Analyze incident using known data and threat intelligence.
Prioritize incident response.
Standardize incident documentation.

Question 13

What characterizes the preparation step of incident response

Answer 13

Develop a policy approved by management.
Identify critical data and systems, single points of failure.
Train staff on incident response.
Implement an incident response team. (covered in subsequent topic)
Practice Incident Identification. (First Response)
Identify Roles and Responsibilities.
Plan the coordination of communication between stakeholders.

Question 14

When an incident occurs, what are the responisbilities of the CIRT?

Answer 14

Determine the amount and scope of damage caused by the incident.
Determine whether any confidential information was compromised during the incident.
Implement any necessary recovery procedures to restore security and recover from incident-related damage.
Supervise the implementation of any additional security measures necessary to improve security and prevent recurrence of the incident.

Question 15

`What is the intent of a BCP

Answer 15

Sustian business operations while recovering from a significant distruption

Question 16

What are the characteristics of BCP

Answer 16

Planning, Preparations,response and recovery…Does not typically include items to restore entire business, just focuses on what is critical

Question 17

hWhat are the common components to a BCP

Answer 17

List of BCP team members

Immediate response Procedures and checklists
Notification systems and call trees for alerting of BCP activation
Guidance for management, including designation of authority for specific managers
How and when to enact plan
Contact numbers for critical members of the supply chain.

Question 18

what is a redbook?

Answer 18

Binder containing hardcopy of BCP procedures and ciritical information regarding restoration

Question 19

How often should a BCP be tested?

Answer 19

Routinely. Each individual organization must determine how often to test its BCP, but it should be tested at predefined intervals as well as when significant changes happen within the business environment.

Question 20

Describe a BIA

Answer 20

Business impact analysis - Analysis of an IT system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of disuption

Question 21

Good to know

Answer 21

A BCP gets the ctitical parts of a business back in action, whereas a DRP guides actions of response until the end goal is reached - Business back up and running

Question 22

What items are included in a DRP

Answer 22

The restoration of Information technology and communications services.

Question 23

What are some document types you might find included in a DRP

Answer 23

Executive summary providing a high-level overview of the plan
Department-specific plans
Technical guides for IT personnel responsible for implementing and maintaining critical backup systems
Full copies of the plan for critical disaster recovery team members

Question 24

Define Incident handling

Answer 24

The mitigation of violations of security policies and recommended practices.