Incident Management Flashcards
What is the difference between an information security event and an information security incident?
An information security event is an identified occurrence that possibly represents a breach, while an information security incident is an unwanted or unexpected event that can compromise and damage the company
What is Information Security Incident Management?
The set of processes for detecting reporting and controlling information security incidents
What is the top priority of Incident Management?
Ensure everyone knows what to do in the case of an incident and who to report to
What are the five main phases in the management of an incident?
Reporting, Investigation, Assessment, Corrective Actions, and Review
To capture all necessary information, what should you have to record events?
You should use a standard form (An incident report form)
What is an IRT?
An IRT is an Incident Report Team, a group of experienced members from all over the company’s roles specifically given extra privileges and contacts to be able to deal with incidents
Why is it important to record events?
So that the rest of the team knows what to do during the incident after report, and also to allow for evaluation to improve the plan in the future
What is business continuity?
Business continuity is the measures implemented to allow a company to continue operating after a major incident
What is a BCP?
A BCP is a Business Continuity Plan, and it is the plan that will allow business continuity
What is Disaster Recovery?
When an incident is too major that operations are damaged beyond repair, disaster recovery must be used, using contingency plans and looking for long term goals
How do plans manage to put into consideration most events even if they are unidentified?
They do not look at events but instead possible impacts such as loss of a building, which would include many different events and still allow for disaster recovery or business continuity
What are the main things plan development must think about?
The eventualities/impacts, when a plan must be enacted, and which parts of a DR plan to use