Unit 2 - Module 4

Question 1

Define Playbook

Answer 1

A manual that provides details about any operational action.

Question 2

What does Incident response mean?

Answer 2

Incident response is an organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach.

Question 3

What are the 6 Incident responses in the playbook phase?

Answer 3

1) Preparation
2) Detection and analysis
3) Containment
4) Eradication and recovery
5) Post incident activity
6) Coordination

Question 4

Playbooks sometimes cover what 2 specific things?

Answer 4

Incidents and Vulnerabilities.

Question 5

Define the Preparation phase (1)

Answer 5

Before incidents occur, mitigate potential impacts on the organization by documenting, establishing staffing plans, and educating users.

Question 6

Define the Detection and analysis phase (2)

Answer 6

Detect and analyze events by implementing defined processes and appropriate technology.

Question 7

Define the Containment phase (3)

Answer 7

Prevent further damage and reduce immediate impact of incidents.

Question 8

Define the Eradication and recovery phase (4)

Answer 8

Completely remove artifacts of the incident so that an organization can return to normal operations.

Question 9

Define the Post-incident activity phase (5)

Answer 9

Document the incident, inform organizational leadership, and apply lessons learned.

Question 10

Define the Coordination phase (6)

Answer 10

Report incidents and share information throughout the response process, based on established standards.

Question 11

What can playbooks be used for? ( What kind of incidents, leaks and attacks ) 5 Examples

Answer 11

Open attacks
Privacy incidents
Data leaks
Denial of service attacks
Service alerts
Others