Incident Response Flashcards

1
Q

Incident Response Steps (7)

A

Detection- First response. Differentiate between incident and non-incident.

Response- Assess severity and damage. Assemble team. Collect evidence.

Mitigation- Containment

Reporting- Internal and external communications

Recovery- Restore system to fully functioning state

Remediation- Review everything to determine how to prevent the incident from happening in the future. Root cause analysis.

Lessons learned: Review IR process and determine if any improvements or changes are needed.

2
Q

Security Incident Definition

A

Any attempt to undermine the security of an organization or violation of a security policy is a security incident.
