Incident Response Flashcards

1
Q

Events with a negative consequence, such as system crashes, network packet floods, unauthorized use of system privileges, defacement of a web page or execution of malicious code that destroys data.

A

Adverse Events

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

The loss of control, compromise, unauthorized disclosure, unauthorized acquisition or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for other than an authorized purpose. Source: NIST SP 800-53 Rev. 5

A

Breach

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Actions, processes and tools for ensuring an organization can continue critical operations during a contingency.

A

Business Continuity (BC)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption.

A

Business Continuity Plan (BCP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

An analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.

A

Business Impact Analysis (BIA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

In information systems terms, the activities necessary to restore IT and communications services to an organization during and after an outage, disruption or disturbance of any kind or scale. 

A

Disaster Recovery (DR)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The processes, policies and procedures related to preparing for recovery or continuation of an organization’s critical business functions, technology infrastructure, systems and applications after the organization experiences a disaster. A disaster is when an organization’s critical business function(s) cannot be performed at an acceptable level within a predetermined period following a disruption.

A

Disaster Recovery Plan (DRP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Any observable occurrence in a network or system. Source: NIST SP 800-61 Rev 2 

A

Event

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

A particular attack. It is named this way because these attacks exploit system vulnerabilities. 

A

Exploit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

An event that actually or potentially jeopardizes the confidentiality, integrity or availability of an information system or the information the system processes, stores or transmits. 

A

Incident

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The mitigation of violations of security policies and recommended practices. Source: NIST SP 800-61 Rev 2

A

Incident Handling
Incident Response (IR)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The documentation of a predetermined set of instructions or procedures to detect, respond to and limit consequences of a malicious cyberattack against an organization’s information systems(s). Source: NIST SP 800-34 Rev 1

A

Incident Response Plan (IRP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A security event, or combination of security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorization. Source: IETF RFC 4949 Ver 2 

A

Intrusion

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A centralized organizational function fulfilled by an information security team that monitors, detects and analyzes events on the network or system to prevent and resolve issues before they result in business disruptions.

A

Security Operations Center

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Weakness in an information system, system security procedures, internal controls or implementation that could be exploited or triggered by a threat source. Source: NIST SP 800-128. 

A

Vulnerability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A previously unknown system vulnerability with the potential of exploitation without risk of detection or prevention because it does not, in general, fit recognized patterns, signatures or methods. 

A

Zero Day