Explaining Incident Response Activities Flashcards
Incident Response Plans(IRP)
Specific procedures that must be performed if a certain type of event is detected or reported.
Playbooks
A checklist of actions to perform to detect and respond to a specific type of incident.
Tabletop Exercise
A discussion of simulated emergency situations and security incidents.
Lessons Learned Report(LLR)
An analysis of events that can provide insight into how to improve response and support processes in the future
Business Continuity(BC)
A collection of processes that enable an organization to maintain normal business operations in the face of some adverse event.
Disaster Recovery(DR)
A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.
Disaster Recovery Plan
Incident Response Plan Process
Preparation
Detection & Analysis
Containment
Eradication & Recovery
Post-incident Activity
Lessons Learned
These meetings must avoid pointing blame and instead focus on improving procedure.
Digital Forensics
The process of gathering and submitting computer evidence for trial. Digital evidence is latent, meaning that it must be interpreted. This means that great care must be taken to prove that the evidence has not been tampered with or falsified.
Chain of Custody
Record of evidence-handling from collection to presentation in court to disposal.
Legal Hold
A process designed to preserve all relevant information when litigation is reasonably expected to occur.
e-Discovery
Procedures and tools to collect, preserve, and analyze digital evidence.
Digital Forensics Process
Immediate Impact
This refers to direct costs incurred because of an incident, such as downtime, asset damage, fees, penalties, and other costs.
