Containment, Mitigation, and Recovery Techniques


9 Terms

1. In many cases, one of the first mitigation techniques will be to quickly block the cause of the incident on the impacted systems or devices. That means you may need to reconfigure endpoint security solutions.

2. Application allow lists (sometimes referred to as whitelisting): list the applications and files that are allowed to be on a system and prevent anything that is not on the list from being installed or run.

3. Application deny lists or block lists (sometimes referred to as blacklists): list applications or files that are not allowed on a system and will prevent them from being installed or copied to the system.

4. Isolation or quarantine solutions: can place files in a specific safe zone.

5. Monitoring: is a key part of containment and mitigation efforts because security professionals and system administrators need to validate their efforts.

6. Common examples of remediation actions include:

  • Firewall rule changes
  • Mobile device management changes
  • Data loss prevention tool changes
  • Content filter and URL filtering capabilities
  • Updating or revoking certificates

7. Isolation: moves a system into a protected space or network where it can be kept away from other systems.

8. Containment: leaves the system in place but works to prevent further malicious actions or attacks.

9. Segmentation: is often employed before an incident occurs to place systems with different functions or data security levels in different zones or segments of a network.