Define and discuss Incident Response.
Are IR procedures proactive or reactive measures?
The IRP should consist of individuals from all relevant constituent groups that will be affected by the actions of the frontline response teams. True or False?
A(n) ____ is a detailed examination of the events that occurred, from first detection to final recovery.
A(n) ____ occurs when an incident that deserves attention is not reported.
Identify the type of attack on information assets in which the instigator attempts to gain unauthorized entry into a system or network or disrupt the normal operations of a system or network.
Define and describe the purpose and function of a CSIRT. Who should lead it? Who should participate?
At a minimum, the CSIRT development plan should be reviewed annually. True or False?
The focus during an AAR is on establishing who is to blame. True or False?
When using honeypots and honeynets, administrators should be careful not to run afoul of any legal issues. One issue is the line between enticement and entrapment. a) Make an argument that it is enticement. b) Make an argument that it is entrapment. c) Identify another potential legal issue and discuss your point of view.
Solution
1) After action review
2) True
3) False
A Computer Security Incident Response Team is an organization that analyses security incidents (breaches).

