Incident Response

Question 1

Incident Response Steps (7)

Answer 1

Detection-First respontense. differentiate between incident and non-incident

Response- Assess severity and damage. Assemble team. Collect evidence.

Mitigation- Containment

Reporting- Internal and external communications

Recovery- Restore system to fully functioning state

Remediation- Review everything to determine how to prevent incident from happening in future. root Cause analysis.

Lessons learned: Review IR process and determine if any improvements or changes are needed.

Question 2

Security Incident Definition

Answer 2

Any attempt to undermine the security of an organization or violation of a security policy is a security incident.