cysa+ch5

pdf

School

Miami Dade College, Miami

Course

1060C

Subject

Information Systems

Date

Apr 3, 2024

Type

pdf

Pages

1

Uploaded by DukeBuffalo3728

CySA+ Chapter 5

Q: What is a security event?
A: Any observable occurrence that relates to a security function.

Q: What is a security incident?
A: A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.

Q: What is a CSIRT?
A: Computer Security Incident Response Team. They are responsible for responding to computer security incidents that occur within an organization by following standardized response procedures and incorporating their subject matter expertise and professional judgement.

Q: What are the four steps to incident response?
A: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Incident Activity.

Q: What does the incident response preparation phase include?
A: It is mostly just preparation for the possibility of a security incident. This includes building strong cybersecurity defenses to reduce the likelihood and impact of future incidents.

Q: What does the incident response detection and analysis phase include?
A: This phase is mostly about the initial detection of the incident as well as the CSIRT's process of analyzing it.

Q: What are the four main indicators of a security event?
A: Alerts from various systems, Logs, Publicly Available Information, and People.

Q: What are the main goals of the incident response containment, eradication, and recovery phase?
A:
1. Select a containment strategy appropriate to the incident circumstances.
2. Implement the selected containment strategy to limit the damage caused by the incident.
3. Gather additional evidence, as needed to support the response effort and potential legal action.
4. Identify the attacker(s) and attacking system(s).
5. Eradicate the effects of the incident and recover normal business operations.

Q: What are the two major goals of the incident response post-incident phase?
A: Lessons-Learned Review and Evidence Retention.

Q: What is the purpose of the Incident Response Policy?
A: It serves as the cornerstone of an organization's incident response program. It is meant to guide efforts at a high level and provide the authority for incident response.