Incident Response, Business Continuity and Disaster Recovery Concepts

Question 1

Incident response priority

Answer 1

To protect life, health and safety.

Question 2

Incident response primary goal

Answer 2

be prepared with an incident response plan

Question 3

Components of incident response plan

Answer 3

-Preparation - Develop a policy approved by management.
Identify critical data and systems, single points of failure.
Train staff on incident response. Implement an incident response team. Practice Incident Identification. (First Response)
Identify Roles and Responsibilities. Plan the coordination of communication between stakeholders.
-Detection and Analysis - Monitor all possible attack vectors.
Analyze incident using known data and threat intelligence.
Prioritize incident response. Standardize incident documentation.
-Containment, eradication and recovery - Gather evidence.
Choose an appropriate containment strategy. Identify the attacker. Isolate the attack.
-Post-incident activity - document, identify evidence that needs to be retained

Question 4

Components of a disaster recovery plan

Answer 4

Executive summary providing a high-level overview of the plan
Department-specific plans
Technical guides for IT personnel responsible for implementing and maintaining critical backup systems
Full copies of the plan for critical disaster recovery team members
Checklists for certain individuals