Incident Management Flashcards

1
Q

What is the difference between an information security event and an information security incident?

A

An information security event is an identified occurrence that possibly represents a breach, while an information security incident is an unwanted or unexpected event that can compromise and damage the company

2
Q

What is Information Security Incident Management?

A

The set of processes for detecting, reporting, and controlling information security incidents

3
Q

What is the top priority of Incident Management?

A

Ensure everyone knows what to do in the case of an incident and who to report to

4
Q

What are the five main phases in the management of an incident?

A

Reporting, Investigation, Assessment, Corrective Actions, and Review

5
Q

To capture all necessary information, what should you have to record events?

A

You should use a standard form (an incident report form)

6
Q

What is an IRT?

A

An IRT is an Incident Report Team, a group of experienced members drawn from roles all over the company, specifically given extra privileges and contacts to be able to deal with incidents

7
Q

Why is it important to record events?

A

So that the rest of the team knows what to do during the incident after it is reported, and also to allow for evaluation to improve the plan in the future

8
Q

What is business continuity?

A

Business continuity is the measures implemented to allow a company to continue operating after a major incident

9
Q

What is a BCP?

A

A BCP is a Business Continuity Plan, and it is the plan that will allow business continuity

10
Q

What is Disaster Recovery?

A

When an incident is so major that operations are damaged beyond repair, disaster recovery must be used, using contingency plans and looking for long-term goals

11
Q

How do plans manage to take most events into consideration, even if they are unidentified?

A

They do not look at events but instead at possible impacts, such as loss of a building, which would include many different events and still allow for disaster recovery or business continuity

12
Q

What are the main things plan development must think about?

A

The eventualities/impacts, when a plan must be enacted, and which parts of a DR plan to use
