WK4 Explore Incident Response Flashcards

1
Q

Example of Security Analyst using a playbook to address a SIEM Alert like a Malware attack

  1. Assess the Alert
A

This means determining if the alert is actually valid by identifying why the alert was generated by the SIEM. This can be done by analyzing log data and related metrics.

2
Q

Example of Security Analyst using a playbook to address a SIEM Alert like a Malware attack

  2. Actions and tools to use (Containment)
A

The playbook outlines the actions and tools to use to contain the malware and reduce further damage.

For example, this playbook instructs the analyst to isolate, or disconnect, the infected network system to prevent the malware from spreading into other parts of the network.

3
Q

Example of Security Analyst using a playbook to address a SIEM Alert like a Malware attack

Eliminate all traces of the incident and restore the affected systems back to normal operations.

A

The playbook might instruct the analyst to restore the impacted operating system, then restore the affected data using a clean backup, created before the malware outbreak.

4
Q

Example of Security Analyst using a playbook to address a SIEM Alert like a Malware attack

Perform various post-incident activities and coordination efforts with the security team

A

Some actions include creating a final report to communicate the security incident to stakeholders, or reporting the incident to the appropriate authorities, such as the U.S. Federal Bureau of Investigation or other agencies that investigate cyber crimes.

5
Q

Playbooks and SIEM tools

A

Playbooks are used by cybersecurity teams in the event of an incident. Playbooks help security teams respond to incidents by ensuring that a consistent list of actions is followed in a prescribed way, regardless of who is working on the case. Playbooks can be very detailed and may include flow charts and tables to clarify what actions to take and in which order. Playbooks are also used for recovery procedures in the event of a ransomware attack. Different types of security incidents have their own playbooks that detail who should take what action and when.

Playbooks are generally used alongside SIEM tools. If, for example, unusual user behavior is flagged by a SIEM tool, a playbook provides analysts with instructions about how to address the issue.
