Incident Response Preparation Flashcards
Preparation
Detection and Analysis
Containment
Eradication and Recovery
Post-incident Activity
Incident Response Phases
The act of violating an explicit or implied security policy
Incident
Procedures and guidelines covering appropriate priorities, actions, and
responsibilities in the event of security incidents, divided into preparation,
detection/analysis, containment, eradication/recovery, and post-incident stages
Incident Response Procedures
Preparing for an incident response involves documenting your procedures,
putting resources and procedures in place, and conducting training
Make the system resilient to attack by hardening systems, writing policies and
procedures, and setting up confidential lines of communication
Preparation
Determine if an incident has taken place, triage it, and notify relevant stakeholders
Detection and Analysis
Limit the scope and the magnitude of the incident by securing data and
limiting the impact to business operations and your customers
Containment
Analyze the incident and responses to identify whether procedures or systems
could be improved
Post-incident Activity
Data breaches involving private or confidential data usually take priority over other
incidents
Data Criticality
Data that can be used to identify, contact, or impersonate an individual
Personally Identifiable Information (PII)
Information about a subject’s opinions, beliefs, and nature that is afforded
specially protected status by privacy legislation
Sensitive Personal Information (SPI)
Information that identifies someone as the subject of medical records, insurance
records, hospital results, or laboratory test results
Personal Health Information (PHI)
Data stored about bank accounts, investment accounts, payroll, tax returns, credit
card data, and other data about commercial transactions
Payment Card Industry Data Security Standard (PCI DSS) defines the safe handling
and storage of payment card data
Financial Information
Information created by an organization, usually about the products or services
that it makes or provides
Intellectual Property
Confidential data owned by a company like product, sales, marketing, legal, and
contract information
Corporate Information