Incident Response Preparation Flashcards
Preparation
Detection and Analysis
Containment
Eradication and Recovery
Post-incident Activity
Incident Response Phases
The act of violating an explicit or implied security policy
Incident
Procedures and guidelines covering appropriate priorities, actions, and
responsibilities in the event of security incidents, divided into preparation,
detection/analysis, containment, eradication/recovery, and post-incident stages
Incident Response Procedures
Preparing for an incident response involves documenting your procedures,
putting resources and procedures in place, and conducting training
Make the system resilient to attack by hardening systems, writing policies and
procedures, and setting up confidential lines of communication
Preparation
Determine if an incident has taken place, triage it, and notify relevant stakeholders
Detection and Analysis
Limit the scope and the magnitude of the incident by securing data and limiting the
impact to business operations and your customers
Containment
Analyze the incident and responses to identify whether procedures or systems
could be improved
Post-incident Activity
Data breaches involving private or confidential data usually take priority over other
incidents
Data Criticality
Data that can be used to identify, contact, or impersonate an individual
Personally Identifiable Information (PII)
Information about a subject’s opinions, beliefs, and nature that is afforded
specially protected status by privacy legislation
Sensitive Personal Information (SPI)
Information that identifies someone as the subject of medical records, insurance
records, hospital results, or laboratory test results
Personal Health Information (PHI)
Data stored about bank accounts, investment accounts, payroll, tax returns, credit
card data, and other data about commercial transactions
Payment Card Industry Data Security Standard (PCI DSS) defines the safe handling
and storage of payment card data
Financial Information
Information created by an organization, usually about the products or services
that it makes or provides
Intellectual Property
Confidential data owned by a company, such as product, sales, marketing, legal, and
contract information
Corporate Information
An information system that processes data critical to a mission essential function
High Value Assets
The team must have a secure method of communication for managing incidents
Communication Plan
Signals sent between two parties or two devices via a path or method different
from that of the primary communication between the two parties or devices
Out-of-band Communication
Notifications that must be made to affected parties in the event of a data breach,
as required by legislation or regulation
Reporting Requirements
There are 5 distinct types of breaches
Data Exfiltration
Insider Data Exfiltration
Device Theft/Loss
Accidental Data Breach
Integrity/Availability Breach
An attacker breaks into the system and transfers data to another
system
Data Exfiltration
An employee or ex-employee with privileges on the system transfers
data to another system
Insider Data Exfiltration
A device, such as a smartphone or laptop, containing data is lost or
stolen
Device Theft/Loss
Public disclosure of information or unauthorized transfer caused by
human error or a misconfiguration
Accidental Data Breach