5.4 Incident Response Procedures

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

IRP (Incident Response Plan)

The procedures documented in an incident response policy.

CIRT (Cyber-Incident Response Team)

A group of experts who respond to security incidents.

Exercise

A method of preparing for incident response that intends to test how all members of the CIRT respond.

Preparation

A phase of Incident Response that occurs before an incident and provides guidance to personnel on how to respond to an incident.

Recovery

A phase of Incident Response where administrators return all affected systems to normal operation and verify they are operating normally.

Eradication

A phase of Incident Response where personnel remove components from the attack. This follows after containment.

Identification

A phase of Incident Response where personnel take the time to verify it is an actual incident.

Containment

A phase of Incident Response where security personnel attempt to isolate the part of the system that is affected by the incident.

Reporting Requirements/Escalation

A section of an IRP that describes how and to whom an incident should be reported to.

Documented Incident Types

A section of an IRP that helps employees identify the difference between an event and an actual incident.

Roles and Responsibilities

A section of an IRP that identifies the specific duties of individuals in the CIRT along with their responsibilities.

Lessons Learned

The last phase of Incident Response, where security personnel evaluate and review the incident in order to determine future plans of response.

Incident Response Process

The phases of incident response, including preparation, identification, containment, eradication, recovery, and lessons learned.


Ensembles d'études connexes

Anticoagulant, Antiplatelet, & Thrombolytic Drugs

View Set

UNIT 4 Ch. 26: REVIEWING THE LESSON

View Set

Lección 10 | Gramática 10.1 | The imperfect tense | ¡Pobre Miguelito!

View Set

Finance 425 Final - Unit 3 Material Investors are slow to update their beliefs when given new evidence.

View Set