Incident Response Plans
provides structure during cybersecurity incidents and describes the policies and procedures that govern them
Prior Planning
leads to a strong incident response
Incident Response Plan Elements
Statement of purpose
Strategies and goals for incident response
Approach to incident response
Communication with other groups
Senior leadership approval
Incident Response Teams must
have personnel available 24/7.
IR teams should be
worked with regularly, not just when an incident occurs
People in building an IR team
Management
Info sec teams
Subject Matter experts
Legal Counsel
Public Affairs
HR
Physical Security
Contractual details should be
worked out in advance of an incident
Communications Plans
ensure that all participants have timely, accurate information
External communications to trusted parties
should be limited
The choice to involve law enforcement in an incident
is not required
Always involve your org’s legal team
True
Monitoring
is crucial to effective incident identification
Security Incident and Event Management (SIEM)
security solution that collects information from diverse sources, analyzes it for signs of security incidents, and retains it for later use.
The first report of an incident may come from
external sources
The highest priority of a first responder
must be containing damage through isolation