Incident Response Flashcards
1
Q
Incident Response Steps (7)
A
Detection- First response. Differentiate between incident and non-incident.
Response- Assess severity and damage. Assemble team. Collect evidence.
Mitigation- Containment
Reporting- Internal and external communications
Recovery- Restore system to fully functioning state
Remediation- Review everything to determine how to prevent the incident from happening in the future. Root cause analysis.
Lessons learned- Review IR process and determine if any improvements or changes are needed.
2
Q
Security Incident Definition
A
Any attempt to undermine the security of an organization or violation of a security policy is a security incident.