Incident Response Flashcard

The first step in the incident response process is Identification. This involves recognizing and confirming the existence of an incident, which is crucial for determining the appropriate response actions.

The Red Team simulates attackers during tabletop exercises, testing the defenses and response strategies of the Blue Team. This role-play helps identify vulnerabilities and improve security measures.

The Forensic Analyst is responsible for investigating how an attack occurred, analyzing evidence, and determining the methods used by attackers, making them crucial in understanding the incident.

The 'containment' phase in incident response focuses on isolating affected systems to prevent further damage and limit the spread of the incident. This is crucial for managing the situation effectively.

A compromised password allows unauthorized individuals to access systems or data without permission, making 'Unauthorized Access' the correct choice. This highlights the security risk posed by weak password management.

GDPR regulations specifically protect 'Personal Data', which refers to any information that relates to an identified or identifiable individual. This includes names, contact details, and other personal identifiers.

The eradication step in the incident response process focuses on removing malware and other threats from the environment, ensuring that the incident is fully resolved before moving on to recovery.

The Communications Lead is responsible for managing communication with external stakeholders, ensuring that information is conveyed effectively during cyber security incidents.

The primary objective of the Blue Team in a tabletop exercise is to defend against simulated threats. This involves identifying and mitigating risks rather than exploiting vulnerabilities or simulating attacks.

The Recovery phase in the incident response process focuses on restoring systems and data to normal operations after an incident. This is crucial for returning to business as usual.