Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Q&A > Incident Handling > Flashcards

Incident Handling Flashcards

1
Q

Incident Handling Phases

A

“Phase 1: Preparation
Phase 2: Identification
Phase 3: Containment
Phase 4: Eradication
Phase 5: Recovery
Phase 6. Lessons Learned”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Phase 1: Preparation

A

“Establish applicable policies?
Build relationships with key players?
Build your response kit?
Create incident checklists?
Establish communication plan?
Perform threat modeling?
Build an incident response team?”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Phase 2: Identification

A

“In this phase of the process, you determine whether or not an incident exists.
An event is defined as any observable occurrence in a system and/or network.
An incident is defined as an adverse event in a system and/or network or the threat of such an event.
Essentially, an event is anything that happens in your environment and an incident occurs when that event threatens or actually does harm to your environment.”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Phase 3: Containment

A

“During the containment phase, you want to ensure that the incident
does not get any worse; if your company is planning on pursuing legal action, this is the phase in which you gather evidence.

To contain the incident, you might want to remove the system from the network; however, because it is a revenue generating system, management might not allow this to take place.

This is where the negotiating begins and it is important that you or your team has discussed these scenarios in advance with management in the preparation phase, so that you are prepared for them when they arise.
Some tasks that occur during the containment phase include:
Prevent further contamination of the system or network?
Preserve Evidence?”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Phase 4: Eradication

A

“during this phase that you analyze the information that you have gathered to determine how the attack took place.
To prevent the incident from happening again”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Phase 5: Recovery

A

“The recovery phase of this methodology is where you place the system back into the production environment.
In this phase, you work with your QA and business partners to validate that the system recovery is successful.
This involves testing the system to make sure that all business processes and function are back to normal.”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Phase 6. Lessons Learned

A

“Utilize what you learned during the handling of the incident to
enhance and improve your incident-handling process.
? Complete the incident report and present findings to management.
? Look for ways to improve the process both from a technical and administrative aspect.
? Have a clearly defined plan for implementing these improvements.”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Q&A (10 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions