Domain 2: Business Continuity, Disaster Recovery, and Incident Response Flashcards
What is the priority of any incident response?
To protect life, health, and safety.
What is the primary goal of incident management?
To be prepared
What is the other term for incident management?
Crisis Management
Every organization must have a _____ that will help preserve business viability and survival.
Incident Response Plan
The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for other than an authorized purpose.
Breach
Any measurable occurrence
Event
An event that actually or potentially jeopardizes the confidentiality, integrity or availability of an information system or the information the system processes, stores or transmits.
Incident
A security event, or combination of events, that constitutes a deliberate security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorization
Intrusion
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image or reputation), organizational assets, individuals, other organizations or the nation through an information system via unauthorized access, destruction, disclosure, modification of information and/or denial of service.
Threat
Weakness in an information system, system security procedures, internal controls or implementation that could be exploited by a threat
Vulnerability
A previously unknown vulnerability that does not fit previously recognizable patterns or methods and therefore has no risk of detection
Zero Day
What shapes the incident response process?
The vision, mission and strategy of the organization
What are the components of the incident response plan?
- Preparation
- Detection and Analysis
- Containment, Eradication, and Recovery
- Post-Incident Activity
What is the first response in the preparation component?
Identification of Incident
What should we look out for in the preparation component with regards to data and systems?
Single points of failure
What must be taken into account when choosing the communication between stakeholders?
That the primary method of communication may not always be available
In the detection and analysis component, documentation must be?
Standardized
What is the primary goal of the third component of an incident response plan?
Identify and Isolate the attacker.
In the post-incident activity, lessons learned must be documented, especially in what cases?
When the information compromised is under the protection of the law.
Along with the organizational need to establish a _______ is the need to create a suitable ______
Security Operations Center (SOC); incident response team
Many organizations now have a dedicated team responsible for investigating any computer security incidents that take place. They are called?
Computer Incident Response Teams or Computer Security Incident Response Teams
When an incident occurs, what are the response team's four primary responsibilities?
- Amount and Scope of Damage
- Confidential information compromised?
- Recovery and Restore Security
- Supervises implementation of additional security measures
What do you call the list of persons to contact in case of disruption of operations?
Phone tree