LO4.2

Question 1

What are the twelve components of a typical cyber security incident report?

Answer 1

Title and Date
Target of incident
Incident category
Description of incident
Type of attacker
Purpose of incident
Technique(s) used by attacker(s)
Capability of attacker(s)
Impact of incident
Cost of incident
Responses needed
Future management

Question 2

Why is the date important for a cyber security incident report?

Answer 2

So it can be cross-referenced with other activity such as updates

Question 3

What could be noted for the target of the incident?

Answer 3

Whether the incident was targeted upon the organisation, a particular department or just an individual or if the target was upon hardware, software, information

Question 4

What are the four incident categories?

Answer 4

Critical
Significant
Minor
Negligible

Question 5

What are three examples of what may be considered for the description of the incident?

Answer 5

What specific problem did it create
How is discovered
What type of incident it was

Question 6

What are three examples of what could be considered for the type of attacker?

Answer 6

Was it internal
External
One person or a group

Question 7

What are three examples of what could be considered for the purpose of incident?

Answer 7

Was it for financial gain
Political advantage
Destruction of reputation

Question 8

What are three examples of what could be considered for the impact of the incident?

Answer 8

Business
Data
Recovery time

Question 9

What are the two main examples of what could be considered for the cost of the incident?

Answer 9

Financial
Reputation

Question 10

What are three examples of what could be considered for future management?

Answer 10

Review of incident
Analysis to evaluate trends
Updates of key information and procedures