Details

CompTIA Sec+ 5.4
Incident response procedures
23
Computer Science
Professional
12/01/2018


Cards

Term
Incident response plan
Definition
- Documented incident types/category definitions
- Roles and responsibilities
- Reporting requirements/escalation
- Cyber-incident response teams
- Exercise
Term
Documented incident types/category definitions
Definition
-External / removable media
-Attrition or brute force
-Web based
-Email attack - attachment
-Improper usage (deviation from AUP)
-Theft of equipment
Term
Roles and responsibilities
Definition
IT security management
Compliance officers
Tech staff
Users
Term
Reporting requirements/escalation
Definition
-Contact List
-CIO
-Information Security Officer
-Response Teams
-Human resources
-Public affairs
-Legal Department
External
-System Owner
-Law Enforcement
-US-CERT
-Involved 3rd Parties
Term
Cyber-incident response teams (CIRT)
Definition
-Specialized group trained to deal with security
-May not be part of the formal organizational structure
-May be a group of people that are brought together when an incident occurs
Term
Exercise
Definition
-Scheduled update sessions
-perform them annually or semiannually
- perform some tests prior to an actual incident
-well-defined rules of engagement
Term
Incident response process
Definition
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons learned
Term
Incident response process - Preparation
Definition
-NIST Special Publication 800-61
-Communication methods: phones, contact info
-Incident handling software
-Established policy
-how you can detect and analyze that an incident has occurred
-how to contain eradicate and recover from an incident
-post-incident activities
-warning that attacks will occur
Term
Incident response process - Identification
Definition
-Difficult to detect
-Requires experienced individual with extensive knowledge
-Web server logs
-Different detection sources, levels of detail, levels of perception
Term
Containment
Definition
-Isolate infected systems from the rest of the network
-Attempt to sandbox the affected system
-Malware may delete itself and everything else if the internet connection is lost
Term
Eradication
Definition
-Disable affected user accounts
-Fix vulnerabilities
-Wipe system and rebuild from backup
-Wipe system and rebuild from scratch
Term
Recovery
Definition
-Reconstitution starts with recovering the systems that can be restored quickly
-Can implement new firewall policies
-Install patches
Term
Lessons learned
Definition
-Perform as soon as possible after the incident
-Ask questions and document the incident
-Evaluate how well your incident plans were able to be executed
-Make changes to make the process more efficient
-Are there other precursors we should be following to prevent future incidents?
Term
Information Impact Categories
Definition
None - No information exfiltrated, changed, deleted or compromised
Privacy Breach - PII was accessed/exfiltrated
Proprietary Breach - Unclassified proprietary information, such as protected critical infrastructure information (PCII), was accessed or exfiltrated
Integrity Loss - Sensitive or proprietary information was changed or deleted
Term
Recoverability Effort Categories
Definition
-Regular: Time to recover predictable using existing resources
-Supplemented: Time to recover predictable but requires more resources
-Extended: Time to recover unpredictable; additional resources and outside help required
-Not Recoverable: Recovery not possible, e.g. data exfiltrated and posted publicly or exported to a foreign government
Term
Team Models
Definition
Central Incident Response Team
Distributed Incident Response Team
Coordinating Team
Term
Central Incident Response Team
Definition
-One team handles all incidents for an organization no matter where it occurs
Term
Distributed Incident Response Team
Definition
-Different teams in different geographic locations.
Term
Coordinating Team
Definition
A team used to coordinate efforts of other incident response teams
Term
Staffing Model
Definition
-Internal Employees
-Partially Outsourced
-Fully Outsourced
Term
Outsourcing Considerations
Definition
-Current work quality vs future work quality (employee rollover)
-Division of responsibility
-Exposure of sensitive information
-Lack of company specific knowledge (Tribal Knowledge)
-Decrease in skill for in-house basic incident response handling
Term
Qualitative Analysis
Definition
-Analysis that uses a numerical scale to evaluate probability of risk and the impact
-Monetary value is not assigned
Term
Quantitative Analysis
Definition
-Assigns an exact monetary value to assets
-Tries to predict expected annual loss in dollars for each risk
-Evaluates and prioritizes based on cost likely to be incurred vs cost of protection