LO4.1 Flashcards
What is the typical five-step order for responding to an incident?
Inform those involved
Assess extent of the incident
Contain the incident
Eradicate the incident
Reduce the impact and recover from the incident
What are three examples of who you may inform when responding to an incident?
Customers
Stakeholders
Workers
What is the benefit of assessing the extent of the incident?
It sets a starting point to work from, so people know what they’re doing when responding to the incident
What are two examples of how you would contain the incident?
Isolating certain sensitive systems or data
Implementing security measures to mitigate additional damage
What are three examples of how you could eradicate the incident?
Delete malware
Disable breached user accounts
Identify all affected hosts
What are three examples of how you could reduce the impact and recover from the incident?
Rebuild systems from scratch
Install patches
Change passwords