Where could I find a Business Continuity Plan (BCP)?

In the company's written information security plan

On the company's public website

Minimum needed to effectively respond to a Cyber Incident:

Acessible IR Contacts and RACI forms

Prioritized order of Critical Services restoration

Your MDR detects unusual outbound network traffic that could indicate data exfiltration. Organize actions by category

Utilize Google Investigate tool to review user actions

shutdown firewall ports to destination

Activate MDR/BOCES security operations teams

The MDR team has confirmed confidential Data has been exfiltrated. What next?

Stop Exfiltration: Partial/complete shutdown of corporate external/internal traffic

SOC teams identify / neutralize source of breach.

implementation of IR restore plans

Security/Public Official notifies stakeholders, and makes official Public announcement

How could I find more information on how the district data network is engineered?

In the WISP, section Secure Engineering and Architecture

By contacting the district's IT department

By attending a district board meeting

By reading the district's annual report

What considerations should be taken when communicating to Stake holders about a cyber incident?

Not revealing information that might compromise the investigation

Protection of privacy of those who are directly affected by the data breach

recommendations of legal counsel

An Incident Response plan includes:

IR team members and contact info

Restore Order of Critical Services

The Network Security (NET) section in the WISP includes:

Intrusion Detection and prevention

An unreported phishing attack compromised employee credentials. The network monitoring system detects unusual activity on the user account. What order should these steps be in?

Inform the Security Offical of unfolding event

Reset: affected user credentials and sign in cookies. Change MFA notification method

determine if CIA breach occurred, update Security Official

Organize Resources by Category

Pondurance MDR Threat Intelligence SOC

What considerations must be a part of restoration of critical systems after a breach?

"ground zero" identified to prevent re-infection

creating a separate secure network external comm

having on hand "Known Clean" computers on hand fo

having a document that outlines the order of missi

strenghtening identified weakness

notifying affected parties of the breach

sending non-critical staff home

Prioritize the order of Restoration of District Core Systems

Internal/External communications (servers, network(s), phones)

Access to HR and finance applications

Food and Transportation applications

Security Systems (doors, cameras)

A user reports that their files have disappeared, and they cannot access shared drives. What should the helpdesk do first?

Verify if it is a computer or user issue before escalating to IR Team

Escalate immediately to the Incidence Response team

ask if any other users are having the same experience

What doe RACI stand for?

Responsible Accountable Consulted Informed

Refined Access Control Instructions

Retained account contaiment implementation

Reasonable Access control implementation

Which phase would Legal and/or Insurance be contacted?

Phase 4 - Incident Summary Report

(Match the strategy to the correct NIST category.)

Documenting critical business services

Monitoring abnormal network traffic spikes.

Evaluating strategies to manage fuutre DDOS attacks

Blocking malicious IP addresses and rerouting traffic

Increasing firewall protections and traffic filtering

What information is found in the Identification and Authentication (IAC) section of the WISP?

Corporate employee access management strategies

The tech department learns an employee lost a company-issued laptop with sensitive customer data. what do you do?

Report incident to the Security Official

Log the device out of any cloud sessions remotely disable stop cloud storage sync

ask where they saw it last, and go look for it

Look on the dark web and report to the FBI

What is a Supply chain document and where can in be found in the WISP

The Supply Chain document is found in the Incident Response Plan (IRO) it contains all the contacts for 3rd party vendor purchases

Supply chain is a chain of supplies ordered in past 30 days found under Assets section of the WISP

The Supply Chain document is found in the Detection Section (DT) it contains all the contacts for party vendors in the area

The Supply Chain document is found in the Recovery Section (RSK) contains all the vaccination records

IDENTIFY: Why is asset management critical in the Identify function of NIST?

To identify critical systems that need risk management

The logistical management of company resources

Asset management is simply inventory control.

A third-party vendor informs the company of a possible data exposure but provides limited details. What should be the next step?

Gather more information before taking further action

Terminate the contract with the vendor

Contact the Incidence Response team immediatly

Immediately inform all customers

Determining Escalation Paths Scenario: A department reports repeated malware infections on different machines. What should the cybersecurity team do?

Investigate the source of the malware and apply necessary patches to the endpoint protection software

check monitoring logs for any spikes in data exports

isolate the machines until the endpoint software is updated and to recognize the malware

determine and block the source of the malware from being accessed by the network

What does Risk Management (RSK) cover in the WISP

Risk identification Risk assessments Risk Ranking

The main activities in the Recover function of NIST are:

developing and improving recovery plans

Identifying clear procedures to restore mission critical applications

communicate updates to stakeholders

Monitoring and analyzing threats

Where could I find a history of changes made to the network?

Change Management Section (CHG)

Why have Continuous network monitoring?

Early detection/recording of anomalous activity.

useful to identify the "ground zero" patient

What does NIST stand for?

National Institute of Standards and Technology

National Information Security Team

Network Information Systems Technology

National Institute of Science and Technology

Multiple system become inaccssible; ransome note appears on HR computers. Prioritize next steps

USE CIA to decide whether to disconnect Internet

Would the WISP include information on Corporate assets: ?

Yes, it would include information o

No, it would not include informatio

An asset is comprised of:

Corporate hardware and software

IDENTIFY: What is the primary purpose of a risk assessment?

To identify vulnerabilites of corporate data systems

To satisfy auditors needs and reduce liability costs

To find out Monica has too much access

To develop a comprehensive response plan

Where would I go to find out what systems we have in place for monitoring our network?

WISP, Continous Monitoring section

Check the IT department's documentation

Identify ways to add additional layers of security

notifying a second device at login

enforcing 14 character complex password

What is the primary role of security awareness training in the Protect function?

To educate staff to identify, and report social engineering attacks

To test the patience of the Data Privacy Officer

To educate staff where the Acceptable use policy can be found.

To identify staff who click on everything

Where could I get detailed information on Data Backup systems in place

Data Classification Handling (DCH)

Businesss Continuity Plan (BCP)

Real World Reporting: Marriott Hotel Data Breach (2018) - 📌 Incident: After acquiring Starwood Hotels, Marriott discovered a long-running breach in Starwood’s system. Hackers had been exfiltrating guest data for years before Marriott realized the security flaw had been inherited. where was the failure?

Identify: lack of review of business critical Hardware and software

Protect: No internal review of the protection plan for business critical applications

Detect: No system in place to monitor sensitive data movement

The purchase price was to high!

RECOVER: Why is a business continuity plan important in cybersecurity recovery?

To ensure the organization can continue operations during and after a cyber attack

To increase the company's profit margins

To reduce the number of employees needed in the IT department

To eliminate the need for cybersecurity measures

IDENTIFY: What are the five core functions of the NIST Cybersecurity Framework?

Identify, Protect, Detect, Respond, Recover

Plan, Execute, Monitor, Control, Close

Identify, Project, Deter, React, Recoup

Analyze, Design, Develop, Test, Deploy

Auditors are looking for security polciies for terminated personnel. Where would you direct them?

The Human Resources security section of the WISP

The Asset management section of the WISP

The Risk Management section of the WISP

The purpose of forensic analysis in the response process is to:

Identify the cause of an incident

The best practice policy for data access is

Most restrictive, permissions grant by request

Least restrictive, based on software

Least privileges needed to do ones job

Access based on trust and education

Why is it important to have a pre-defined communication plan in the Respond function?

To ensure clear and efficient communication during a response

To allow for spontaneous decision-making

To avoid any form of communication

To ensure only one person is responsible for communication

Cybersecurity Core Functions-IR TEAM

Authored by Christopher Lynch

Information Technology (IT)

Professional Development

Used 3+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

90 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 2 pts

CIA, an acronym for cybersecurity, determines when to escalate a cyber event to cyber incident. What does is stand for?

Counter

Intelligence

Agency

Compromise

infiltrate

Access

Confidentiality

Integrity

Availablilty

Corporate

Internal

Access controls

MULTIPLE CHOICE QUESTION

45 sec • 2 pts

What does WISP stand for?

Wireless Internet Service Provider

Wide Internet Service Protocol

Wiritten information Security plan

Wide Information Service Provider

REORDER QUESTION

3 mins • 6 pts

You have a confirmed CIA incident. Correctly order the Response Plan :

document all response measures taken

Start Response Log

Initiate IR team communications logging

determine origin, examine all logs with SOC

preserve evidence

Answer explanation

The NIST Cybersecurity Framework (CSF) 2.0 focuses on the Respond function to develop and implement actions against detected cybersecurity incidents, ensuring effective response planning, communication, and mitigation efforts. It supports organizations in managing cybersecurity events by providing a framework for planning, analyzing, and communicating incident-related actions.
Key aspects of the Respond function in NIST CSF 2.0:
Response Planning:
Organizations should develop and maintain a comprehensive incident response plan that outlines procedures for handling various cybersecurity incidents.
Communication:
Effective communication is crucial for coordinating internal and external stakeholders during an incident response.
Analysis:
Analyzing incidents helps organizations understand the nature of the threat, its impact, and potential root causes.
Mitigation:
Mitigation efforts involve taking actions to contain the impact of the incident and prevent further damage.
Improvements:
Post-incident review and analysis should inform future improvements in response planning and incident response processes.
Incident Management:
The Respond function includes a specific category focused on incident management, covering various aspects of responding to and resolving incidents.
Evidence Preservation:
Maintaining evidence for forensic examination and potential legal needs is a crucial aspect of the Respond function.

MULTIPLE CHOICE QUESTION

1 min • 2 pts

What are the key security measures in the Protect function of NIST?

Access Control, Awareness and Training, Data Security, Information Protection Processes and Procedures, Maintenance, and Protective Technology

Risk Assessment, Risk Management Strategy, Supply Chain Risk Management

Anomalies and Events, Security Continuous Monitoring, Detection Processes

Response Planning, Communications, Analysis, Mitigation, Improvements

REORDER QUESTION

3 mins • 5 pts

"Ground zero" has been identified and neutralized.
Please order the objectives of Phase 4 "Response" to Cyber Incident

Creating a secured and safe channel to restore external communications

Begin prioritized restoration of mission critical services

Remediation: deploy devices cleared for use. begin cleaning affected devices

Complete restoration of network functionality

Update and complete the Incident Summary Report (ISR)

MATCH QUESTION

3 mins • 5 pts

Match the Log with the Correct Phase of an Incident response

Threat Level assessment

Phase 1

Post Incident Review Log

Phase 5

Restore functionality of Critical System

Phase 3

Response Log

Phase 2

Event Report

Phase 4

REORDER QUESTION

2 mins • 2 pts

Put the content in order as it would be included in a public communication regarding a breach

Communication and Support

Transparency and Accountability

Affected Data

Incident Description

Actions Taken

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

91 questions

Database System, Data Models, and Relationship

Quiz

•

Professional Development

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Information Technology (IT)

44 questions

Would you rather...

Quiz

•

Professional Development

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

12 questions

Mardi Gras Trivia

Quiz

•

Professional Development

14 questions

Valentine's Day Trivia!

Quiz

•

Professional Development

7 questions

Copy of G5_U5_L14_22-23

Lesson

•

KG - Professional Dev...

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

11 questions

NFL Football logos

Quiz

•

KG - Professional Dev...

12 questions

Valentines Day Trivia

Quiz

•

Professional Development

Cybersecurity Core Functions-IR TEAM

CIA, an acronym for cybersecurity, determines when to escalate a cyber event to cyber incident. What does is stand for?

What does WISP stand for?

You have a confirmed CIA incident. Correctly order the Response Plan :

What are the key security measures in the Protect function of NIST?

"Ground zero" has been identified and neutralized. Please order the objectives of Phase 4 "Response" to Cyber Incident

Match the Log with the Correct Phase of an Incident response

Put the content in order as it would be included in a public communication regarding a breach

Where could I find a Business Continuity Plan (BCP)?

Minimum needed to effectively respond to a Cyber Incident: ​ ​​ ​ ​ (a) (b) ​ (c) (d) ​ (e) ​

Your MDR detects unusual outbound network traffic that could indicate data exfiltration. Organize actions by category

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

"Ground zero" has been identified and neutralized.
Please order the objectives of Phase 4 "Response" to Cyber Incident

Minimum needed to effectively respond to a Cyber Incident:
(a) (b) (c) (d) (e)