Incident Response-Quiz 1

adverse events

with negative consequences

malicious intent to harm

all of the above

The victim’s needs

Provide rapid detection and containment

The severity of incident

Escalate privileges

Initial compromise

Establish foothold

Maintain presence

Guidance Software EnCase

Ubuntu

AccessData FTK Imager

Kali Linux

live image will make minor modifications to the system, but you

will be able to get an image

the system may be an extremely business-critical system that cannot be

taken down except during very short maintenance windows

no hardware write blocker preventing you from

destroying evidence

system or backup system restrictions

create an infrastructure that provides rapid answers to the questions you will have after an incident occurs

Identify your corporate risk

Create a response toolkit for use by the CSIRT

prepare the host for the incident

Corporate reputation

Confidential business information

Nonpublic personally identifiable information

business information

M=Assembling the CSIRT, P= Record Details

M= Assembling Details, P=Record Declaration

M=Record Details, P= Assembling the CSIRT

M=Assembling Escalation, P= Record Team

notification procedure

incident response program

computer security awareness

initial response checklist

To prevent "knee jerk" reactions and panic when incident is detected

For recording details after the initial notification of an incident

As the mechanism to record the circumstances surrounding a reported incident

To obtain enough information to determine appropriate response