Module 5 - Incident Response Cycle Flashcards

Learning objectives:
  • Characterize the National Incident Response (IR) Plan
  • Evaluate the strengths and weaknesses of triaging incident response data and what is necessary to have that data incorporated into a national-level IR plan
  • Create a port-to-process map
  • Explain how the Federal Rules of Evidence impact the use of tools

1
Q
  • Phases of National Incident Response Plan
A
Prevent & Protect
Detect
Analysis
Respond
Resolve
2
Q
  • Overarching themes of NIRP
A

coordination across landscape and common operational picture (COP).

  • Requires active participation
  • not just within an organization
3
Q
  • COP (acronym)
A

common operation picture

4
Q

Risk Alert System Tiers

A

guarded
elevated
substantial
severe

5
Q
  • Triage
A

Part of detection phase

Way to get around problem of large amounts of data

In order for it to work:

1) triage must be reliable
2) must be customized for organization

To integrate results at the national level, there must be a common framework (ontology)

6
Q

Incident Response Stages

A

Preparation
Incident Identification
Treatment of Incident
Post-mortem

(iterative, more prep reduces other steps)

7
Q

NIST Four Stage

A

Preparation
Detection and Analysis
Containment, eradication, and recovery
Post-incident recovery

Others:
Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned/Follow-up
8
Q

National Cyber IR Plan

A
  • Headed by DHS
9
Q

Coordination

A
  • owner/operator of critical infrastructure and key resources focused on containment and recovery
  • Federal partners may be focused on attribution & prosecution
10
Q

NCCIC

A

National Cybersecurity and Communications Integration Center (Prevent and Protect)

monitors:
threats, vulnerabilities, disruptions, and intrusions

11
Q

Detect phase

A

owners work independently within their IR programs, when appropriate in partnership with others

12
Q

Analysis

A

determine whether incident was malicious or unintentional
3 Phase Assessment: impact, scope, severity
rolling up information

13
Q

Response

A

Mutual agreement

each org in Significant Cyber Incident has role

14
Q

National Cyber Risk Alert Levels

NCRAL

A

1 - Severe
2 - Substantial
3 - Elevated
4 - Guarded

15
Q

Significant Cyber Incident

A

a set of conditions in the cyber domain that requires increased national coordination
- triggered when the NCRAL system reaches level 2.

16
Q

8 Universal Responsibilities

A
preparedness
engage NCCIC
plan
organize
equip
train
exercise
evaluate and improve