Module 09 Incident Response Planning and Procedures

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

In most cases, how many severity levels do organizations follow?

3

lessons learned report

A report that includes all weaknesses that were uncovered and what changes were made to address them.

incident summary report

A report that provides the details of the entire cyber incident from initial detection to final correction and follow-up.

prevent the inadvertent release of information

Avoiding providing information unintentionally.

Which of the following is NOT a communications best practice strategy?

Contact local news media before the word leaks out.

Intellectual property

Creations of the mind, such as inventions, literary and artistic works, designs, and symbols; names; and images used in commerce.

What is the act of violating an explicit or implied security policy that may or may not be successful?

Cyber incident

Kaitlyn is creating an incident response plan. Who should first be notified in the event of a cyber incident?

Cyber incident response team

Personally identifiable information (PII)

Data that could identity a specific individual.

Corporate information

Data that is confidential to the organization.

What is the first step in determining the detection and analysis phase of incident response?

Deciding if what occurred was a cybersecurity incident

Anabelle needs to eradicate malware from a hard drive. Which should she NOT do?

Delete the files from the hard drive by using the Quick Format option.

verification of logging/communication to security monitoring

Ensuring that a system is being monitored correctly.

regulatory bodies

Entities that are responsible for providing regulatory oversight.

Eva is researching which law enforcement agency to contact in the event of different types of cyber incidents. Which law enforcement agency should be contacted no matter the type of incident?

FBI

True or False: The first step in incident response is to determine if an actual attack did occur.

False

What does IR stand for?

Incident Response

High value asset (HVA) information

Information critical to an organization so that its loss or corruption would have serious impact to the organization's ability to perform its mission or conduct business.

training

Instruction and coaching.

Viola is examining data that was compromised during a recent attack. Into which category would a password number be classified?

PII

continue monitoring

Persistently watching for attacks.

If an incident occurs and you need to report it publicly, which of the following team should be involved?

Public relations

internal and external entities

Stakeholders who are both part of the organization and those who are outside of it.

disclosing based on legislative requirements

State legislative mandates regarding communication that must be satisfied based on a data breach.

reporting requirements

State notification laws mandating that users be promptly notified in the event of a data breach.

data integrity

The correctness and completeness of data.

Recovery time

The length of time needed for IT systems to be disinfected and return to their normal functions.

downtime

The length of time that a cybersecurity incident interrupts the normal business processes.

restoration of capabilities and services

The necessary procedures for recovery of the systems back to their necessary performance.

evidence retention

The process of retaining artifacts after a cybersecurity incident.

vulnerability mitigation

The steps to reduce or eliminate the vulnerabilities.

Financial information

The storage, processing, and transmission of information related to a financial transaction.

Which of the following is NOT a reason for communications in a cyber incident?

To allow for unplanned release of information

True or False: A cyber incident is the act of violating an explicit or implied security policy whether or not it is successful.

True

True or false: Incident response is a process in which an organization manages to handle an attack, which could be of any nature.

True

True or false: Only relevant information is shared with a stakeholder.

True

True or false: The vulnerability mitigation method may consist of many methods for handling vulnerabilities.

True

True or false: To prevent any kind of threat to a system, its applications, and operating system, you need to ensure that the system is regularly patched.

True

What does MTD stand for?

maximum tolerable downtime

As part of the incident response plan, which of the following should be documented?

- Communication plans - Governance methods - Agreements - Procedures

Which of the following are methods of sanitization?

- Data Disposal - Low-level Format - Degaussing

Which of the following are types of Isolation?

- Isolating the affected systems - Isolating the attacker

Which of the following are examples of high-value assets (HVA)?

- Servers - Employee records - Web applications - Network devices

Which of the following information is part of PII?

- Credit card number - Email address - Passport number - Place of birth

What is the best way for an organization to limit adverse public reactions to a cyber incident?

By controlling the conversation

Kristin is reviewing the impact of a recent attack and found that it only caused a seldom-used test server to be taken offline for short period of time. She has decided that this incident does not deserve a high priority ranking. What scope of impact has she used in making this determination?

System process criticality

For internal communications, which two categories are often used?

Technical and management

change control process

A formal process for recording changes to a system.

sanitization

A method that performs a complete data destruction of all contents of a drive by replacing data on the drive by writing other data over it.

segmentation containment technique

Allowing a compromised device to talk to the threat actor C&C system but filtering the communication.

Personal health information (PHI)

Also called protected health information, it is information as it relates to a person's health data, transactions, and history. Also called protected health information.

reimaging

Applying a saved image to a sanitized hard drive.

Which of the following is NOT an example of intellectual property?

Brand Image

Isabella has been asked to research HIPAA requirements for her employer. Which of the following is false regarding HIPAA?

HIPAA only applies to information in electronic format.

(incident response plan update)

Evaluating the different actionable goals of the incident response plan to determine if updates need to be made.

senior leadership

Executive-level managers.

True or False: Most but not all states have notification laws requiring that users be promptly notified in the event of a data breach.

False

True or false: Personally identifiable information (PII) identifies an organization.

False

disclosing based on regulatory requirements

Federal regulatory requirements that mandate communication from an organization if a specific cyber event occurs.

reconstitution of resources

Fully integrating a device back into the system.

Pat is researching requirements for communicating with affected parties in a cyber incident. What requirement would Pat find that is in place in the European Union (EU)?

GDPR

Which of the following is not a reason for contacting law enforcement agencies in the event of a cyber incident?

Identifying threat actors often leads to no arrests or convictions.

Sensitive Personal Information (SPI)

Information that does not directly identify an individual but is related to an individual and communicates information that is private or could potentially harm an individual should it be made public.

Containment

Keeping a cybersecurity incident under control by limiting its impact.

Which of the following is false regarding state legislative mandates about communication in a cyber incident?

Only California has a state security breach notification law.

public relations

Organizational department charged with addressing the public to minimize negative publicity.

legal

Organizational department that handles legal matters for ensuring compliance with laws and regulations.

human resources

Organizational department that handles the human assets.

isolation containment technique

Permitting a compromised device to continue to function but directing all network communication to a sinkhole.

Adamo has been asked to create a new cyber incident response plan. What will be the final phase in the plan?

Post-Incident

restoration of permissions

Reapplying permissions.

What is the rebuilding of a system called?

Reconstruction

documentation of procedures

Recording of all phases of incident response procedures.

Which of the following scopes of impact describes the length of time needed for IT systems to return to their normal functions?

Recovery time

reconstruction

Restoring a sanitized hard drive.

limiting communication to trusted parties

Restricting communications to trusted parties who are stakeholders.

use a secure communication method

Sending information in such a way as to avoid any inadvertent release of information.

Rico is developing a list of personnel who may be asked to serve on a cyber incident response team. Who will have the responsibility of helping the team to focus on minimizing damage and recovering quickly from a cyber incident?

Team leader

system process criticality

The degree to which the impacted systems affect the overall functionality of the entire system.

secure disposal

The destruction of a hard drive.

eradication

The elimination of an infection.

(economic impact)

The financial effect of an incident.

Why is financial information data considered to have a high value?

The loss of accounting data prevents an organization from providing stakeholders an accurate picture of its financial health.

characteristics contributing to severity level classification

The scope of the impact of cybersecurity incidents that can reveal the severity level.


संबंधित स्टडी सेट्स

Innate Immunity: Practice questions

View Set

BIB1006: OT Law and History Exam #3

View Set

Chapter 12 Assessment and Care of Patients with Problems of Acid base balance

View Set

Recordkeeping and Trust Accounts- 1

View Set