NIST Incident Response Life Cycle (NIST 800-61)

NIST Incident Response Life Cycle (NIST 800-61) for Cisco CyOps Associate

4 Terms

Step 1: Preparation
The members of the CSIRT are trained in how to respond to an incident. CSIRT members should continually develop knowledge of emerging threats.
Step 2: Detection and Analysis
Through continuous monitoring, the CSIRT quickly identifies, analyzes, and validates an incident.
Step 3: Containment, Eradication, and Recovery
The CSIRT implements procedures to contain the threat, eradicate the impact on organizational assets, and use backups to restore data and software. This phase may cycle back to detection and analysis to gather more information, or to expand the scope of the investigation.
Step 4: Post-Incident Activities
The CSIRT then documents how the incident was handled, recommends changes for future response, and specifies how to avoid a reoccurrence.