Chapter 2 Flashcards
Define Breach
The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence
Define Event
Any observable occurrence in a network or system.
What is an incident
An event that actually or potentially jeopardizes the CIA of a system or its data
Define Intrusion
A security event, or combination of events, that constitutes a deliberate security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorization.
Define a Threat
Any circumstance or event with the potential to adversely impact organizational operations
What is the primary goal of incident management
To be prepared
What is an adverse event
Events with negative consequences. Includes system crashes, malicious code execution
How does an event become an incident
Most events are harmless, but when an event has the potential to cause harm or disrupt the business mission, it is classified as an incident
What is an incident response plan
A document that contains predetermined instructions or procedures to detect, respond, and limit consequences of an incident
What are the 4 steps to an incident response
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Post-Incident Activity
What characterizes the containment step within an incident response
Gather evidence.
Choose an appropriate containment strategy.
Identify the attacker.
Isolate the attack.
What characterizes the Detection and Analysis
Monitor all possible attack vectors.
Analyze incident using known data and threat intelligence.
Prioritize incident response.
Standardize incident documentation.
What characterizes the preparation step of incident response
Develop a policy approved by management.
Identify critical data and systems, single points of failure.
Train staff on incident response.
Implement an incident response team. (covered in subsequent topic)
Practice Incident Identification. (First Response)
Identify Roles and Responsibilities.
Plan the coordination of communication between stakeholders.
When an incident occurs, what are the responsibilities of the CIRT?
Determine the amount and scope of damage caused by the incident.
Determine whether any confidential information was compromised during the incident.
Implement any necessary recovery procedures to restore security and recover from incident-related damage.
Supervise the implementation of any additional security measures necessary to improve security and prevent recurrence of the incident.
What is the intent of a BCP
Sustain business operations while recovering from a significant disruption
What are the characteristics of BCP
Planning, preparations, response, and recovery. Does not typically include items to restore the entire business; it focuses only on what is critical
What are the common components to a BCP
List of BCP team members
Immediate response Procedures and checklists
Notification systems and call trees for alerting of BCP activation
Guidance for management, including designation of authority for specific managers
How and when to enact plan
Contact numbers for critical members of the supply chain.
What is a redbook?
Binder containing hardcopy of BCP procedures and critical information regarding restoration
How often should a BCP be tested?
Routinely. Each individual organization must determine how often to test its BCP, but it should be tested at predefined intervals as well as when significant changes happen within the business environment.
Describe a BIA
Business impact analysis - Analysis of an IT system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of disruption
Good to know
A BCP gets the critical parts of a business back in action, whereas a DRP guides actions of response until the end goal is reached - Business back up and running
What items are included in a DRP
The restoration of Information technology and communications services.
What are some document types you might find included in a DRP
Executive summary providing a high-level overview of the plan
Department-specific plans
Technical guides for IT personnel responsible for implementing and maintaining critical backup systems
Full copies of the plan for critical disaster recovery team members
Define Incident handling
The mitigation of violations of security policies and recommended practices.