Manage Security Risks Flashcards
module four
What is a playbook in the context of cybersecurity?
A manual that provides details about any operational action.
What is incident response?
An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach.
How are playbooks used in conjunction with SIEM tools?
Playbooks provide analysts with instructions about how to address issues flagged by SIEM tools.
What are SOAR tools used for?
To automate repetitive tasks generated by tools such as a SIEM or managed detection and response (MDR).
When should playbooks be updated?
When a failure is identified, industry standards change, or the cybersecurity landscape evolves.
What is the purpose of the preparation phase in an incident response playbook?
To document procedures to be followed in the event of a security breach, establish staffing plans, and educate employees.
What does the detection and analysis phase involve in an incident response playbook?
Using tools and strategies to determine whether a breach has occurred and to evaluate its potential magnitude.
What is the goal of the containment phase in an incident response playbook?
To prevent further damage and reduce the immediate impact of a security incident.
What happens during the eradication and recovery phase of an incident response playbook?
Restoring affected data using a clean backup created before the incident.
What is the focus of the post-incident activity phase in an incident response playbook?
To document the incident, learn from it, and implement improvements to enhance overall security posture.
How do playbooks help ensure compliance with laws and regulations?
By providing detailed actions for security teams to follow, ensuring consistent and compliant responses to incidents.
What is a common misconception about playbooks?
That they should not be updated; in reality, they should be treated as living documents and updated frequently.
How do playbooks contribute to business continuity plans?
By outlining steps to recover and continue operations despite disruptions like security breaches.
What are the common steps included in incident and vulnerability playbooks?
Preparation, Detection, Analysis, Containment, Eradication, Recovery, and Post-incident activities.