Chapter 8 Review Flashcards
Chapter 8 Review
Security incident management, disaster recovery planning, and business continuity planning all support a central objective, which is what?
RESILIENCE AND RAPID RECOVERY WHEN DISRUPTIVE EVENTS OCCUR
As a result of a security incident event, these 3 things of information systems have been, or are in danger of being, compromised.
CONFIDENTIALITY, INTEGRITY, AVAILABILITY
The condition of information systems is a secondary concern compared to this, which is always the top priority when any disaster event has occurred.
HUMAN SAFETY
The phases of incident response are these 10 things:
- ____ ; Preparing
- ____ ; Identification of an incident
- ____ ; Triggering the incident response processes
- ____ ; Investigating
- ____ ; Preventing spread
- ____ ; Removal of offending issues
- ____ ; Returning to normal operations
- ____ ; Implementing controls to minimise future impact
- ____ ; Declaring the incident and subsequent actions over
- ____ ; Learning what we could do better, what went wrong
- PLANNING
- DETECTION
- INITIATION
- ANALYSIS
- CONTAINMENT
- ERADICATION
- RECOVERY
- REMEDIATION
- CLOSURE
- POST-INCIDENT REVIEW
Security incident response planning consists of the development of these 4 things/areas:
- POLICIES
- ROLES and RESPONSIBILITIES
- PROCEDURES
- TESTING and TRAINING
Security incident response requires these things that enable an organization to be aware of an incident as it occurs.
INCIDENT DETECTION CAPABILITIES
Without this, an organization may not know about an intrusion for many weeks or months, if ever.
INCIDENT DETECTION CAPABILITIES
A primary capability in incident response is event visibility, which is usually provided through what system?
SECURITY INFORMATION and EVENT MANAGEMENT
(SIEM)
Many organizations outsource this to a third-party managed security services provider.
SECURITY EVENT MONITORING
Organizations often outsource this to security professional services firms by purchasing a retainer, a prepaid arrangement.
INCIDENT RESPONSE
Outsourcing the incident response activity does not mean that the organization transfers the risk or responsibility of the incident response program or its impact on the business.
With the proliferation of outsourcing to cloud-based service providers, many security incidents now occur on what?
SYSTEMS MANAGED BY THIRD-PARTY PROVIDERS
Security incidents occurring on systems managed by third-party providers require additional planning and coordination on the part of the organization, so that incident response involving a third party is effective.
The organization may need to incorporate the third party's version of this into its existing plan.
INCIDENT RESPONSE PLAN
These 2 things work together to ensure the survival of an organization during and after a natural or human-made disaster.
BUSINESS CONTINUITY PLANNING and DISASTER RECOVERY PLANNING
(BCP & DR)