Playbooks
Playbooks are updated if:
- A failure is identified, such as an oversight in the outlined policies and procedures or in the playbook itself.
- There is a change in industry standards, such as changes in law or regulatory compliance.
- The cybersecurity landscape changes due to evolving threat actor tactics and techniques.
Two types of playbooks
1. Incident response
2. Vulnerability response
antivirus software
A software program used to prevent, detect, and eliminate malware and viruses.
Which action can a security analyst take when they are assessing a SIEM alert?
Analyze log data and related metrics
Business Email Compromise
BEC
Once a security incident is resolved, security analysts perform various post-incident activities and ____ efforts with the security team.
Coordination
A business recently experienced a security breach. Security professionals are currently restoring the affected data using a clean backup that was created before the incident. What playbook does this scenario describe?
Eradication and recovery
Playbooks are permanent, best-practice documents, so a security team should not make changes to them.
False
Common steps included in incident and vulnerability playbooks are:
- Preparation
- Detection
- Analysis
- Containment
- Eradication
- Recovery from incident
incident report
an organization's quick attempt to identify an attack, contain the damage, and correct the effects of a security breach.
Incident and vulnerability response playbooks
commonly used by entry-level cybersecurity professionals
Coordination
involves reporting incidents and sharing information based on established standards.
Playbooks
A manual that provides details about any operational action. Essentially, a playbook provides a predefined and up-to-date list of steps to perform when responding to an incident.
You can use playbooks for
- open attacks
- privacy incidents
- data leaks
- denial of service attacks
- service alerts
- others