Incident Response Process Flashcards
What is an Incident?
An act of violating an explicit or implied security policy.
What are Incident Response Procedures?
Guidelines for handling security incidents
What are the 7 Phases of the CompTIA Incident Response Cycle?
- preparation
- detection
- analysis
- containment
- eradication
- recovery
- post-incident activity or lessons learned
Explain Preparation in the Incident Response Lifecycle
Involves strengthening systems and networks to resist attacks
Done to get ready for future incidents before they occur
Explain Detection in the Incident Response Lifecycle
Identifies security incidents
Explain Analysis in the Incident Response Lifecycle
Involves a thorough examination and evaluation of the incident
Explain Containment in the Incident Response Lifecycle
Limits the incident's impact by securing data and protecting business operations
Explain Eradication in the Incident Response Lifecycle
Happens right after containment and aims to remove the malicious activity from a system or network
Explain Recovery in the Incident Response Lifecycle
Restores systems and services to their secure state after an incident
Explain Post-incident activity or lessons learned in the Incident Response Lifecycle
Occurs after the incident has been contained, the malicious activity has been eradicated, and the system is fully recovered
What is Root Cause Analysis?
Identifies the incident's source and how to prevent it in the future
4 step process:
1. Define/scope the incident
2. Determine the causal relationship that led to the incident
3. Identify an effective solution
4. Implement and track the solutions
What is the Lessons Learned Process?
Document experiences during incidents in a formalized way
What is an After-Action Report?
Formalized report that collects information about what happened.