Cybersecurity Incident Response Worksheet (Grade 12)

____ is the stage in the cyber kill chain that includes the activation and initiation of the process whereby the crafted exploit gains a foothold and attempts to expand its influence.

The job functions and organizational roles of ___ focus on protecting the organization's information systems and stored information from attacks.

The ___ CSIRT model is used when the organization needs a full-time, on-site CSIRT but does not have enough available, qualified employees.

The C.I.A. triad is the industry standard for computer security since the development of the mainframe and is based on three characteristics that describe the utility of information.

A structured walk-through is the CP testing strategy in which the organization conducts a role-playing exercise as if an actual incident or disaster had occurred.

Event correlation involves examining logs from multiple systems and identifying trends or indicators of attacks across those multiple systems.

A series of steps that follow the stages of a cyberattack from early reconnaissance to the exfiltration of data is known as the ___.

____ are procedures for regaining control of systems and restoring operations to normalcy; they are the heart of the IR plan and the CSIRT's operations.

The U.S. National Institute of Standards and Technology defines the incident response life cycle as having four main processes: 1) preparation; 2) detection and analysis; 3) containment, eradication, and recovery; and 4) ___.

____ is used to maintain awareness of evolving threats in general and is a resource for researching specific threats as an organization develops usable threat intelligence.