Created by Lyndsay Badding
over 1 year ago
| Question | Answer |
|---|---|
| Step 1 | Preparation: prepare response plans; make system(s) resilient; create lines of communication; identify proper resources and assets |
| Step 2 | Identification: identify the nature of the incident; determine whether an incident has occurred, assess severity, notify stakeholders; typically done using an attack framework, e.g. Cyber Kill Chain, MITRE ATT&CK, Diamond Model of Intrusion Analysis |
| Step 3 | Containment: limit the spread and impact of the incident; should have a step-by-step procedure in the IRP |
| Step 4 | Eradication: find and remove the source |
| Step 5 | Recovery: restore from backups; reintegrate affected systems back into the workflow; re-audit to ensure it's no longer vulnerable |
| Step 6 | Lessons Learned: analyze the effectiveness of the response |
| IR Prioritization | For when multiple incidents are happening at the same time; need to consider: data integrity, downtime, economic/publicity impact, scope, detection time, recovery time |
| Attack Frameworks | Set of comprehensive descriptions, examples, and definitions of the threat lifecycle from initial access through exfiltration |
| MITRE ATT&CK | Global database of TTPs and documented attack types: https://attack.mitre.org/ |
| Diamond Model of Intrusion Analysis | Standardized framework for how a company can classify and react to threats; 4 main categories: 1. adversary, 2. capability, 3. victim, 4. infrastructure |
| Cyber Kill Chain | Model that identifies the stages an attacker must complete in order to achieve their objective; 7 steps |