Identify who should be held responsible if incident happen.

Identify the attack on the system.

Identify and understand the systems, assets, data and capabilities of the organization.

Identify and understand the organization risk assessment and risk management strategy.

Two-factor authentication

Encrypt data

Deploy security guards

Remove unused accounts

Layer 1 and 2 of OSI model

Layer 3 and 4 of OSI model

Layer 6 and 7 of OSI model

All of the above

Alerting

Taking action

Detection

Identify Attack

To flag attack against known vulnerabilities.

To reduce false positives in a signature-base IDS

To randomly check suspicious traffic identified by IDS

To enhance the accuracy of a IDS

Analyse and monitor network traffic for signs that indicate attackers are using known cyberthreat to infiltrate or steal data from a network.

Able to identify malicious activity, report it and block it.

Limits access between networks to prevent intrusion and do not signal an attack from inside the network.

To detect and destroy known threats.

Turn off involved computer system.

Disconnect the computer system from all network

Isolate all involved computer system.

Communicate with stakeholders, law enforcement and/or external stakeholders