Security Operations: Examining the incident response process and activities Flashcards
What is the incident response process?
The National Institute of Standards and Technology (NIST) categorizes the incident response lifecycle into several phases:
Preparation
Detection
Analysis
Containment
Eradication
Recovery
Lessons Learned
What does preparation involve?
Preparation: Involves establishing policies, procedures, and resources to rapidly respond to, and mitigate, security incidents efficiently, ensuring readiness for potential threats.
What does detection involve?
Detection: Focuses on continuously monitoring systems and networks for signs of security incidents so that their occurrence within a network or system is identified promptly.
What does analysis involve?
Analysis: Involves an in-depth examination and assessment of detected incidents to determine their nature, impact, and scope, aiding in the development of an effective response strategy.
What is Containment?
Containment: Focuses on isolating and limiting the scope of a security incident to prevent further damage or unauthorized access.
What is Eradication?
Eradication: Involves permanently removing the causes of a security incident from the affected systems and network to prevent recurrence.
What is Recovery?
Recovery: Involves restoring affected systems and services to normal operation while also implementing improvements to prevent similar incidents in the future.
What is Lessons Learned?
Lessons learned: Involves the systematic review and documentation of the incident, including its causes, responses, and outcomes. This enables extraction of valuable insights that inform future security enhancements and incident preparedness.
What activities are included in incident response?
Incident-response activities include:
Root-cause analysis: Identifies the underlying factors or vulnerabilities that led to a cybersecurity incident, enabling organizations to address fundamental issues and improve security defenses.
Tabletop exercise: A process in which participants discuss and practice their response to potential incidents in a structured environment. This helps organizations assess their preparedness and identify areas for improvement in their incident-response plans and procedures.
Threat hunting: A proactive security practice involving the active and continuous search for signs of malicious activity within a network or system, with the aim of detecting and mitigating threats before they cause significant harm. This practice may take place during the detection and analysis phases of incident response.