Incident Response Planning 5.4 Flashcards

1
Q

Security Incidents

A

Users will click bad emails and execute malware. You may get DDoS’d, or confidential information will get stolen, or users will install peer-to-peer software and allow external access to internal servers.

2
Q

Roles and Responsibilities

A

Incident Response Team - Specialized group, trained and tested.

IT Security Management - Corporate support

Compliance Officers - Intricate knowledge of compliance rules

Technical Staff - Your team in the trenches

User Community - They see everything

3
Q

Incident Notification

A

Create a contact list of all the people who you need to be in touch with. There will be people in corporate, IT, non-IT, legal, public affairs, and external contacts.

4
Q

Cyber-Incident Response Team (CIRT)

A

Receives, reviews, and responds. This is a predefined group of professionals. Determine what type of events will require a CIRT response. The CIRT may not be part of the organizational structure. It is a team you pull together on an as-needed basis. It focuses on incident response, analysis, and reporting.

5
Q

Exercises

A

Test your team during exercises before an actual event occurs. Use well-defined rules of engagement. Do not touch your production systems. Make the scenario very specific. This will be a tabletop exercise. Evaluate and discuss after.
