Chapter 2 mod 1 Flashcards

Incident Response, Business Continuity, Disaster Recovery

1
Q

Define Breach

A

The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for other than an authorized purpose

2
Q

Define Event

A

Any observable occurrence in a network or system.

3
Q

Define Exploit

A

A particular attack. It is named this way because these attacks exploit system vulnerabilities.

4
Q

Define Incident

A

An event that actually or potentially jeopardizes the confidentiality, integrity or availability of an information system or the information the system processes, stores or transmits.

5
Q

Define Intrusion

A

A security event, or combination of events, that constitutes a deliberate security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorization.

6
Q

Define Threat

A

An activity, deliberate or unintentional, with the potential for causing harm to an automated information system or activity.

7
Q

Define Vulnerability

A

Weakness in an information system, system security procedures, internal controls or implementation that could be exploited by a threat source.

8
Q

Define Zero Day

A

A previously unknown system vulnerability with the potential of exploitation without risk of detection or prevention because it does not, in general, fit recognized patterns, signatures or methods.

10
Q

What is the top priority of any incident response?

A

The top priority of any incident response is to protect life, health, and safety; safety is always chosen first when making decisions about priorities.

11
Q

What is the primary goal of incident management?

A

The primary goal of incident management is to be prepared, requiring a policy and a response plan to guide the organization through a crisis.

12
Q

What term is sometimes used interchangeably with incident management to describe the process?

A

The term “crisis management” is sometimes used interchangeably with incident management to describe the process.

13
Q

How is an event defined in the organizational context?

A

An event is defined as any measurable occurrence, and most events are harmless. However, if the event has the potential to disrupt the business’s mission, it is called an incident.

14
Q

What is the key requirement for preserving business viability and survival during an incident?

A

Every organization must have an incident response plan to help preserve business viability and survival during an incident.

15
Q

What is the ultimate aim of the incident response process?

A

The incident response process is aimed at reducing the impact of an incident, enabling the organization to resume interrupted operations as soon as possible.

16
Q

How does incident response planning relate to business continuity management (BCM)?

A

Incident response planning allows the organization to handle an incident from the start.
Business continuity management keeps the organization running during the lifecycle of an incident, while disaster recovery guides the recovery process back to normalcy.

17
Q

What is the overarching goal of incident response in relation to organizational operations?

A

The overarching goal of incident response is to reduce the impact of an incident, allowing the organization to resume its interrupted operations as quickly as possible.

18
Q

What broader discipline does incident response planning fall under?

A

Incident response planning falls under the broader discipline of business continuity management (BCM).

19
Q

What role does the incident response plan play in relation to the incident response policy?

A

The incident response plan is referenced by the incident response policy, serving as a living representation that employees follow based on their role in the process.

20
Q

What aspects of the organization should shape the incident response process?

A

The organization’s vision, strategy, and mission should shape the incident response process.

21
Q

What does the incident response plan contain, and what does it represent for an organization?

A

The incident response plan may contain several procedures and standards related to incident response, and it is a living representation of an organization’s incident response policy.

22
Q

What should the procedures to implement the incident response plan define?

A

The procedures to implement the incident response plan should define the technical processes, techniques, checklists, and other tools that teams will use when responding to an incident.

23
Q

What components are commonly found in the preparation phase of an incident response plan?

A

Components in the preparation phase include developing an approved policy, identifying critical data and systems, training staff, implementing an incident response team, practicing incident identification, identifying roles and responsibilities, and planning communication coordination.

24
Q

What activities are involved in the detection and analysis phase of an incident response plan?

A

Activities in the detection and analysis phase include monitoring all possible attack vectors, analyzing incidents using known data and threat intelligence, prioritizing incident response, and standardizing incident documentation.

25
Q

What are the key activities in the containment phase of an incident response plan?

A

Key activities in the containment phase include gathering evidence, choosing an appropriate containment strategy, identifying the attacker, and isolating the attack.

26
Q

What activities are part of the post-incident activity phase in an incident response plan?

A

Post-incident activities include identifying evidence that may need to be retained, documenting lessons learned, and conducting a retrospective analysis.

27
Q

What should be considered when planning the coordination of communication between stakeholders in the preparation phase?

A

The possibility that a primary method of communication may not be available should be considered when planning the coordination of communication between stakeholders.

28
Q

What is the overarching structure of the incident response plan, as mentioned in the text?

A

The incident response plan typically consists of four main phases: Preparation; Detection and Analysis; Containment, Eradication and Recovery; and Post-incident Activity.

29
Q

What is the organizational need mentioned alongside establishing a Security Operations Center (SOC)?

A

The organizational need mentioned alongside establishing a Security Operations Center (SOC) is the need to create a suitable incident response team.

30
Q

How can an incident response team be structured in terms of staffing and training?

A

An incident response team can be leveraged, dedicated, or a combination of both, depending on the requirements of the organization.

31
Q

What role do many IT professionals play in incident response?

A

Many IT professionals are classified as first responders for incidents, being the first on the scene and possessing the skills to differentiate typical IT problems from security incidents.

32
Q

How are IT professionals similar to medical first responders in their roles?

A

IT professionals, like medical first responders, have the skills and knowledge to provide assistance and differentiate between typical IT problems and security incidents.

33
Q

What specific training do IT professionals need for incident response?

A

IT professionals need specific training to determine the difference between a typical problem that needs troubleshooting and a security incident that requires reporting and addressing at a higher level.

34
Q

What is emphasized as crucial for IT professionals in distinguishing between minor and major incidents?

A

IT professionals need training to distinguish between minor and major incidents and know what actions to take when encountering a major security incident.

35
Q

How is a typical incident response team described in terms of its composition?

A

A typical incident response team is described as a cross-functional group of individuals representing the management, technical, and functional areas most directly impacted by a security incident.

36
Q

Who are potential members of an incident response team?

A

Potential members of an incident response team include representatives of senior management, information security professionals, legal representatives, public affairs/communications representatives, and engineering representatives (system and network).

37
Q

What is the role of representatives of senior management in an incident response team?

A

Representatives of senior management play a role in the incident response team by providing leadership and decision-making from a strategic perspective.

38
Q

Why is it important for an incident response team to include cross-functional members?

A

An incident response team needs cross-functional members to bring diverse skills and perspectives from management, technical, and functional areas to effectively address the impacts of a security incident.

39
Q

What training should team members have in relation to incident response?

A

Team members should have training on incident response and the organization’s incident response plan.

40
Q

What are the typical responsibilities of team members during an incident response?

A

Team members typically assist with investigating the incident, assessing the damage, collecting evidence, reporting the incident, initiating recovery procedures, participating in remediation and lessons learned stages, and contributing to root cause analysis.

41
Q

What are the common names for teams responsible for investigating computer security incidents?

A

Teams responsible for investigating computer security incidents are commonly known as computer incident response teams (CIRTs) or computer security incident response teams (CSIRTs).

42
Q

What are the four primary responsibilities of a response team when an incident occurs?

A

The four primary responsibilities of a response team when an incident occurs are:

Determine the amount and scope of damage caused by the incident.
Determine whether any confidential information was compromised during the incident.
Implement any necessary recovery procedures to restore security and recover from incident-related damage.
Supervise the implementation of any additional security measures necessary to improve security and prevent recurrence of the incident.
