Incident Response Flashcards
What is Incident Response?
IR is the process of taking organized and careful steps when reacting to a security incident. It starts with identifying and reporting an incident.
What are the responsibilities of the IH&R team?
The Incident Handling and Response Team is a group of specialized people who respond to, remediate, mitigate and recover from an incident, and communicate its impact.
What roles can be identified within the IH&R team?
- Management (decision-maker)
- Information Security Team (incident discovery and containment)
- IT Staff (system/network administrator)
- Physical Security Staff
- Attorney (legal advice)
Who’s the First Responder?
The person who first starts the IR process and brings the incident to the attention of others. It may or may not be the person who actually reported the incident.
Responsibilities of the first responder
Reporting, alerting, containing, identifying, collecting, protecting, documenting; preserving and packaging evidence.
Why is having an IH&R process important?
A planned methodology produces consistent, repeatable results that you can defend both process-wise and legally.
Summarize IH&R process flow.
- Preparation for incident handling and response.
- Incident recording and assignment.
- Incident triage.
What is included in preparation for incident handling and response?
Scope, management approval, funding, developing the team.
What are the most important features of training IH&R personnel?
- Teach personnel the IR plan
- Rotate team members to build confidence in various roles
- Mock drills
What is included in the incident triage?
- Analysis and validation
- Classification
- Prioritization