Lesson 12 -- Verified Flashcards
SECURITY INCIDENT
INSTANCE OF A RISK EVENT OCCURRING
Does a security incident have to cause damage
No
Security Incident Management
Practices and procedures that govern how an organization will respond to an incident
What is the goal of incident management
Contain the incident
Minimize the damage
Includes procedures to log and report on the incident and the actions taken in the response
IRP
Incident Response Policy
- Who determines and declares if an incident occurred
- Who will be notified
- How and when they will be notified
- Guidelines for the appropriate response
What is a first responder
Experienced personnel that arrives on the scene of the incident
What is change management
A systematic way of approving and executing change in order to ensure max security, stability, and availability
An organization must be able to for incidents
Properly assess risk
Quantify the cost of training, support, and maintenance
Weigh the benefits of the proposed change
A forensics process should
Inform responders how to properly investigate an incident to avoid legal issues
What is the basic forensic process
First responders arrive
Secure the area
Document the scene
Perform eDiscovery
Collect any other evidence and data
Preserve the chain of custody
Have proper data transport procedures
Report your forensic findings
Follow legal hold procedures if needed
Name some ways of securing a physical location
Put up signs
Lock doors
Name some ways of securing a digital location
Take the system offline
Put the single device in a secure location
Who should start documenting the scene
First Responders
What is eDiscovery
Electronic aspect of identifying, collecting, and producing electronically stored information in response to a request in a lawsuit
ESI
Electronically Stored Information