Incident Response Flashcards

1
Q

Describe these Roles and Responsibilities of the IH&R Team:
1) Management
2) Information Security Team
3) IT Staff
4) Physical Security Staff
5) Attorney

A

1) A group of individuals with leadership and decision-making authority.
2) Team that has experience in discovering and containing incidents.
3) Are aware of the information system and network areas.
4) Responsible for the physical security and extent of damage.
5) Individual responsible for providing legal advice.

2
Q

Describe these Roles and Responsibilities of the IH&R Team:
1) HR Rep
2) PR Specialist
3) Financial Auditor
4) IR Officer
5) IR Manager
6) IR Assessment Team
7) IR Custodians

A

1) Responsible for handling employee issues.
2) Conveys company details after an incident.
3) Assesses the financial loss to a company after an incident.
4) Responsible for all actions of the IR Team and IR Function.
5) Receives the initial IR alerts and leads the IH&R team.
6) A group who make decisions on the classification and severity of the incident.
7) Individual responsible for the remediation and resolution of the incident.

3
Q

Who is the First Responder?

A

The individual who arrives first at the crime scene and brings the incident to the attention of others.

4
Q

Describe the following steps of the IH&R Process:
1) Preparation for IH&R
2) Incident Recording and Assignment
3) Incident Triage
4) Notification
5) Incident Containment
6) Evidence gathering and Forensic Analysis
7) Eradication
8) Recovery
9) Post-incident activities

A

1) Involves defining the mission, scope and vision of IH&R. Develops the IH&R Plan.
2) The incident is recorded, escalated and assigned to the IH&R Team.
3) IH&R team classifies incident based on severity, etc.
4) Incident is communicated to internal and external stakeholders.
5) Controlling the effect of the incident after its occurrence.
6) Collect evidence related to the incident.
7) The IH&R Team eradicates the root cause.
8) The IH&R team restores the affected system(s).
9) Perform activities to improve the response against future attacks.
