Responding To Incidents Flashcards
security incidents are adverse events that affect the _____, _____, or _____ of data within the organization
security incidents are adverse events that affect the CONFIDENTIALITY, INTEGRITY, or AVAILABILITY of data within the organization
Incident Response Procedures start with what…
a) Reporting the incident
b) Logging the incident
c) preparation to prevent incidents
c) This is often in the form of exercises to simulate an incident, which are contained in the Incident Response Plan
Which document provides detailed steps for personnel to use when responding to an incident?
The IRP (Incident Response Plan)
What phase of the Incident Response Process includes creating the Incident Response Plan and establishing procedures to prevent incidents, such as security controls?
Preparation phase
What 4 phases of an Incident Response Process come after Preparation?
Identification
Eradication
Recovery
Lessons Learned
List the 6 Orders of Volatility in order of most to least
Cache Memory
RAM
Paging File
Data on disk
Logs on remote systems
Archive media
What would you do before taking a forensic image of a drive?
Run a hash before taking the image so you can compare it to another hash taken after the image capture is complete. This is to ensure the imaging process hasn’t disturbed the data
What important piece of information do you need to know when reviewing CCTV footage? Why?
The record time offset
So you can calculate the exact time of an event
A ____ __ ____ is a process that provides assurances that evidence has been controlled and handled properly after collection.
chain of custody
If a company is ordered by a court to retain data, what is the name of this legal maneuver?
a legal hold
If an organization wants to obtain more information about the network and systems during an attack, what strategy can they use? What does it do?
An active logging strategy. It simply increases the level of logging that systems can record, to capture more data.
In a security incident, recording the man-hours and expenses incurred feeds into what type of risk assessment?
Quantitative Risk Assessment