Criado por Lyndsay Badding
mais de 1 ano atrás
|
||
Questão | Responda |
Step 1 | Preparation -prepare response plans -make system(s) resilient -create lines of communication -identify proper resources and assets |
Step 2 | Identification -identify the nature of the incident -determine whether an incident has occurred, assess severity, notify stakeholders -typically done using an attack framework ex: Cyber Kill Framework, MITRE ATT&CK, Diamond Model of Intrusion Analysis |
Step 3 | Containment limit the spread and impact of the incident should have step-by-step procedure in IRP |
Step 4 | Eradication find and remove the source |
Step 5 | Recovery restore from backups reintegrate affected systems back into workflow re-audit to ensure its no longer vulnerable |
Step 6 | Lessons Learned analyze the effectiveness of the response |
IR Prioritization | for when multiple incidents are happening at the same time need to consider: data integrity, downtime, economic/publicity, scope, detection time, recovery time |
Attack Frameworks | set of comprehensive descriptions, examples, and definitions of the threat lifecycle from initial access through exfiltration |
MITRE ATT&CK | global database of TTPs and documented attack types https://attack.mitre.org/ |
Diamond Model of Intrusion Analysis | standardized framework for how a company can classify and react to threats 4 main categories 1. adversary 2. capability 3. victim 4. infrastructure |
Cyber Kill Chain | model that identifies the stages an attacker must complete in order to achieve their objective 7 steps |
Quer criar seus próprios Flashcards gratuitos com GoConqr? Saiba mais.