Incident Response, Business Continuity and Disaster Recovery Concepts Flashcards
Incident response priority
To protect life, health and safety.
Incident response primary goal
Be prepared with an incident response plan.
Components of incident response plan
- Preparation - Develop a policy approved by management. Identify critical data and systems, and single points of failure. Train staff on incident response. Implement an incident response team. Practice incident identification (first response). Identify roles and responsibilities. Plan the coordination of communication between stakeholders.
- Detection and Analysis - Monitor all possible attack vectors. Analyze the incident using known data and threat intelligence. Prioritize incident response. Standardize incident documentation.
- Containment, Eradication and Recovery - Gather evidence. Choose an appropriate containment strategy. Identify the attacker. Isolate the attack.
- Post-Incident Activity - Document. Identify evidence that needs to be retained.
Components of a disaster recovery plan
Executive summary providing a high-level overview of the plan
Department-specific plans
Technical guides for IT personnel responsible for implementing and maintaining critical backup systems
Full copies of the plan for critical disaster recovery team members
Checklists for certain individuals