Chapter 9 Flashcards
What is it called when an occurrence happens, security wise?
Security event
A server crash that has a negative effect on the company is called a what?
Adverse event
When a skl is lost, what is this an example of? A loss of sensitive information
A security incident
As a warrant officer, I am responsible for submitting a report that follows the sop. I am apart of what kind of team?
Computer security incident response teams (csirt)
What is the name of the process a csirt member must go through?
PDCP (preparation, detection, containment, post-incident)
Name a few things that must be apart of the incident response kit
USB bootable media, backup devices, workstations, laptop for other forensic activities
Which standard for security events?
NIST 800 - 61
According to NIST ) now can you improve incident analysis?
Declutter to capture traffic
Have a continuity book
Capture bad traffic -
What is root cause analysis
A process to correct all that caused the problem in the first place of the problems
For now long does the federal government retain records?
3 years
Csirt members should follow this in the event a security incident just occurred
Procedure
This book describes the procedures you must follow when facing a security incident helps guide the CSIRT’s response
Playbook
What type of threat uses brute-force to expose or compromise data?
Attrition
Which type of attackers goes after the big dawgs such as nation state actors and uses zero day vulnerabilities to their advantage?
Apt advanced persistent threat
What are two things to look at when a security incident happens?
The scope of the incident and the severity of it
