Module 1: Introduction to Incident Response and Handling

Question 1

What is a Computer Security Incident

Answer 1

A computer security incident might be any real or suspected adverse event in relation to the security of computer systems or networks

Question 2

Types of Security Attacks

Answer 2

1. Repeated unsuccessful login attempts
2. Unavailability of services due to DDoS
3. Unintentional modifications to software/hardware/firmware
4. Unauthorized use of systems
5. System and application crashes
6. Unauthorized use of other user’s accounts
7. Gaining admin privilege to perform unauthorized access

Question 3

Five levels of Data Classification

Answer 3

1. Top Secret
2. Highly confidential Information
3. Proprietary Information
4. Information of Internal Use
5. Public documents

Question 4

What is Information System

Answer 4

It is a computer system that modifies the raw data into useful information to attain specific goals for an organization or an individual

Question 5

What is Information Owner

Answer 5

This is a person who first creates, or initiates the creation or storage of the data

Question 6

What is Information Custodian

Answer 6

This is a person who controls and implements security required to protect the information assets classified by the information owner

Question 7

Different forms of information warfare

Answer 7

1. Hijacking television and radio transmissions
2. Jamming television and radio transmissions
3. Disabling logistics networks
4. Spoofing or disabling the communication networks

Question 8

Weapons in information warfare

Answer 8

• Viruses
• Worms
• Trojan Horses
• Logic Bombs
• Trap Doors
• Rootkits
• Chipping
• Nano machines and Microbes
• Electronic jamming

Question 9

What are the Key Concepts of Information Security

Answer 9

Confidentiality
Integrity
Availability

Question 10

How is Confidentiality maintained?

Answer 10

Through user’s authentication and access control

Question 11

What does integrity refer to?

Answer 11

The reliability and trustworthiness of the information

Question 12

What is a vulnerability

Answer 12

It is a flaw or weakness in the system, if exploited, might result in undesirable events such as compromise of security, violation of system integrity, etc.

Question 13

Examples of a vulnerability

Answer 13

• Weak passwords
• Software bugs
• Virus or malware
• Script code injection or a SQL injection

Question 14

What is a threat

Answer 14

It is an event, person, or circumstance that has the ability to damage the system by altering, deleting, disclosing of confidential information

Question 15

What is an attack

Answer 15

Attack is the deliberate action of causing harm to the computer systems by exploiting known vulnerabilities and threats

Question 16

What are the types of Computer Security Incidents

Answer 16

1. Malicious code or Insider Threat Attacks
2. Unauthorized Access
3. Unauthorized Use of Services
4. Espionage
5. Fraud and Theft
6. Employee sabotage and abuse
7. DoS
8. Misuse

Question 17

Typical indications of security incidents

Answer 17

• Failed logon attempts and creation of new user accounts
• The IDS, IPS, firewalls, and system alerts
• Log entries and audit files showing suspicious entries
• Network slowdown, DoS attacks, and denial of login to legitimate users
• Detecting of network traffic capturing devices like sniffers on the network
• Unusual system crashes or poor system performance
• Unusual occurrence of the security incident
• Unusual usage patterns

Question 18

What is a Precursor Incident

Answer 18

Indicates the possibility of occurrence of a security incident.

Question 19

What is a Indication Incident

Answer 19

Implies that an incident has probably occurred or is in progress.

Question 20

Low level Incidents

Answer 20

• Loss of personal password
• Unsuccessful scans and probes in the network
• Request to review security logs
• Presence of any computer virus or worms
• Failure to download anti-virus signatures
• Suspected sharing of the organization’s accounts
• Minor breaches of the organization’s acceptable use policy
• Compromise of the system password
• Unknown sharing of the company’s account
• Misuse of the computer peripherals

Question 21

Middle Level Incidents

Answer 21

• In-active external/internal unauthorized access to systems
• Unfriendly employee termination
• Localized worm/virus outbreak
• Breach of the organization’s acceptable usage policy

Question 22

High Level Incidents

Answer 22

• DoS attacks
• Suspected break-in in any computer of a company
• The presence of harmful malware
• Cyber terrorism

Question 23

What are the two factors to prioritize an incident

Answer 23

Technical effect & criticality of the affected resources

Question 24

What is the goal of Incident Response

Answer 24

To handle the security incident in such a way that it reduces the damage and minimizes the cost and time to recover from the incident

Question 25

Who is in charge of Incident response

Answer 25

The Incident Response Team of the organization

Question 26

What is Incident Handling

Answer 26

It refers to a set of procedures and policies used to prepare for, detect, and overcome security incidents in an organization

Question 27

What is Incident Reporting

Answer 27

The process of reporting the information regarding the encountered security breach in a proper format.

Question 28

What is the time frame to handle incidents if they are a low-level incident

Answer 28

1 working day

Question 29

What is the time frame to handle incidents if they are a middle-level incident

Answer 29

Within a few hours on the same day of its occurrence

Question 30

What is the time frame to handle incidents if they are a high-level incident

Answer 30

These incidents are to be handled immediately