Incident Response Flashcards
What is the first step in the incident response process?
Preparation—having an incident response plan, trained responders, and the supporting tooling (logging, backups, contact lists, communication channels) in place before an incident occurs.
What is an incident response plan (IRP)?
A documented plan outlining how to detect, respond to, and recover from cybersecurity incidents.
What is the second step of the incident response process?
Identification—determining whether an observed event (an alert, a user report, an anomaly) is actually a security incident and, if so, its scope and severity. NIST SP 800-61 calls this phase Detection and Analysis.
What is containment in incident response?
Stopping the incident from spreading or causing further damage, for example by isolating affected hosts, blocking attacker addresses, or disabling compromised accounts, while preserving evidence for later analysis. Short-term containment stops the bleeding; long-term containment keeps systems usable until eradication is complete.
What is eradication in incident response?
Removing the root cause of the incident: deleting malware, removing attacker persistence and rogue accounts, and patching or reconfiguring the vulnerability that was exploited.
What is recovery in incident response?
Restoring affected systems to normal operation (from clean backups or rebuilt images), validating that they work correctly, and monitoring them for signs of reinfection after the threat has been neutralized.
What is a post-incident analysis?
A review of the incident and the response to it (often called a lessons-learned meeting), aimed at improving the plan, detections, and controls for future incidents.
What is a security information and event management (SIEM) system?
A solution that collects and correlates logs and alerts from hosts, applications, and network devices and provides real-time analysis and alerting on them, so that analysts can identify incidents from many individually unremarkable events.
What is an incident response team (IRT)?
A group of experts responsible for preparing for and responding to cybersecurity incidents.
What is a phishing attack in the context of incident response?
A social engineering attack in which the attacker sends fraudulent communications that appear to come from a reputable source in order to steal credentials or other sensitive information, or to get the recipient to open a malicious attachment or link. It is one of the most common initial access vectors an incident response team has to investigate.
What is the role of digital forensics in incident response?
The process of preserving, collecting, and analyzing evidence (disk images, memory captures, logs) from a cybersecurity incident in a way that keeps it reproducible and admissible: evidence is hashed at acquisition, handled under a documented chain of custody, and analyzed on verified copies rather than on the originals.
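The following is an added example for the digital forensics card above, not part of the original flashcards: it shows the preserve-then-analyze discipline in code, with a hash recorded at acquisition, a chain-of-custody log, and a verification step that refuses to hand out a working copy of an artifact whose hash no longer matches. The artifact bytes, handler names and timestamps are constructed for illustration.

```python
"""Evidence integrity and chain of custody for a forensic artifact.

Added example for the digital forensics flashcard; it is not part of the
original deck. The artifact bytes, handler names and timestamps below are
constructed stand-ins, not real case data.
"""
import hashlib

# Constructed stand-in for an acquired artifact (e.g. a memory image).
ORIGINAL_IMAGE = b"MEMDUMP\x00" + bytes(range(256)) * 4


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the artifact; the identity every later check compares against."""
    return hashlib.sha256(data).hexdigest()


def acquire(artifact: bytes, description: str, handler: str, when: str) -> dict:
    """Create the custody record at acquisition time.

    An artifact whose hash was never recorded at acquisition cannot later be
    shown to be unaltered, so the hash is taken before anything else is done.
    """
    return {
        "description": description,
        "sha256": sha256_hex(artifact),
        "custody": [{"when": when, "handler": handler, "action": "acquired"}],
    }


def log_custody(record: dict, handler: str, when: str, action: str) -> dict:
    """Append a chain-of-custody entry (transfer, analysis, storage)."""
    record["custody"].append({"when": when, "handler": handler, "action": action})
    return record


def verify(record: dict, artifact: bytes) -> bool:
    """True if the artifact still matches its acquisition hash."""
    return record["sha256"] == sha256_hex(artifact)


def working_copy(record: dict, artifact: bytes) -> bytes:
    """Return a verified copy for analysis; refuse if the original already differs.

    Analysts work on the copy so the original stays exactly as acquired.
    """
    if not verify(record, artifact):
        raise ValueError("artifact does not match acquisition hash; do not analyze")
    return bytes(artifact)


def tampered(artifact: bytes) -> bytes:
    """Flip one byte, modelling accidental or malicious modification."""
    b = bytearray(artifact)
    b[8] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    rec = acquire(ORIGINAL_IMAGE, "memory image, host web-01 (constructed)",
                  "analyst-a", "2024-05-01T10:30:00Z")
    log_custody(rec, "analyst-b", "2024-05-01T11:00:00Z", "received for analysis")
    copy = working_copy(rec, ORIGINAL_IMAGE)
    print("original verifies:", verify(rec, ORIGINAL_IMAGE))   # True
    print("tampered verifies:", verify(rec, tampered(copy)))   # False
    print("custody entries:", len(rec["custody"]))             # 2
```

In practice the same check is run again at the end of the analysis, so the report can state that the evidence examined is byte-for-byte what was acquired; a single flipped byte, as in `tampered`, is enough to fail it.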
What is a false positive in incident response?
An alert that flags activity as suspicious when it is actually benign, often caused by overly sensitive or poorly tuned detection rules. Too many false positives lead to alert fatigue, and real incidents get overlooked among them.
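The following is an added example, not part of the original flashcards, that ties together the Identification, SIEM and false-positive cards: a small SIEM-style correlation over constructed authentication log lines. An over-sensitive rule ("five failed logins from one address, ever") flags a forgetful user alongside a real brute-force attack; a tuned rule that requires the failures to fall inside a short window and to be followed by a success flags only the attack. The log format, IP addresses, user names and thresholds are assumptions made for illustration.

```python
"""Minimal SIEM-style correlation over constructed auth log lines.

Added example for the Identification, SIEM and false-positive flashcards;
it is not part of the original deck. The sshd-like log format, addresses,
user names and thresholds are assumptions chosen for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real captures).
# 203.0.113.7: five failures in eight seconds, then a success (brute force).
# 198.51.100.4: one typo, then a success (normal user).
# 192.0.2.9: five failures spread over three hours, then a success
#            (a forgetful user, not an attack).
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:03Z sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:04Z sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:06Z sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:07Z sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:09Z sshd: Accepted password for admin from 203.0.113.7
2024-05-01T10:05:00Z sshd: Failed password for alice from 198.51.100.4
2024-05-01T10:05:20Z sshd: Accepted password for alice from 198.51.100.4
2024-05-01T11:00:00Z sshd: Failed password for bob from 192.0.2.9
2024-05-01T11:30:00Z sshd: Failed password for bob from 192.0.2.9
2024-05-01T12:00:00Z sshd: Failed password for bob from 192.0.2.9
2024-05-01T12:30:00Z sshd: Failed password for bob from 192.0.2.9
2024-05-01T13:00:00Z sshd: Failed password for bob from 192.0.2.9
2024-05-01T13:00:05Z sshd: Accepted password for bob from 192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse_log(text):
    """Parse log text into time-ordered event dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "outcome": m["outcome"],
            "user": m["user"],
            "src": m["src"],
        })
    return sorted(events, key=lambda e: e["ts"])


def naive_rule(events, threshold=5):
    """Over-sensitive rule: flag any source with >= threshold failures, ever.

    Returns the flagged source addresses. It catches the brute force but also
    flags 192.0.2.9, whose failures are hours apart: a false positive.
    """
    failures = defaultdict(int)
    for e in events:
        if e["outcome"] == "Failed":
            failures[e["src"]] += 1
    return sorted(src for src, n in failures.items() if n >= threshold)


def windowed_rule(events, threshold=5, window=timedelta(seconds=60)):
    """Tuned rule: >= threshold failures inside `window`, then a success.

    Returns alert dicts. Requiring a success after a dense burst of failures
    turns a noisy "many failures" signal into "brute force that worked",
    which is what an analyst needs in order to identify a real incident.
    """
    recent = defaultdict(deque)   # src -> timestamps of failures inside the window
    alerts = []
    for e in events:
        q = recent[e["src"]]
        while q and e["ts"] - q[0] > window:   # evict failures older than the window
            q.popleft()
        if e["outcome"] == "Failed":
            q.append(e["ts"])
        elif len(q) >= threshold:
            alerts.append({
                "src": e["src"], "user": e["user"],
                "failures": len(q), "ts": e["ts"].isoformat(),
            })
            q.clear()   # do not re-alert on the same burst
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOGS)
    print("naive rule flags:", naive_rule(evs))        # both addresses
    print("windowed rule alerts:", windowed_rule(evs))  # only 203.0.113.7
```

The difference between the two rules is the whole content of "tuning": the window and the required follow-on success are the parameters an analyst adjusts after reviewing which alerts turned out to be false positives.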