Term
What is the act of violating an explicit or implied security policy? |
|
Definition
|
|
Term
What are the following?:
o Restore system functionality
o Preserve evidence of the intrusion
o Prevent re-occurrence |
|
Definition
The main goals of incident response. |
|
|
Term
What are the following?:
Log Reviewing |
|
Definition
Methods of Incident Investigation |
|
|
Term
What is the encryption algorithm used for hashes? |
|
Definition
|
|
Term
What writes policies and procedures, assigns personnel and resources, and establishes secure out-of-band communications? |
|
Definition
|
|
Term
Cyber Incident Response Team |
|
Definition
|
|
Term
Computer Security Incident Response Team |
|
Definition
|
|
Term
Incident response communications must be confidential |
|
Definition
Need To Know Communication Process |
|
|
Term
Incident response communications that avoid alerting intruder |
|
Definition
Out-of-band Communication Process |
|
|
Term
What is identifying what must be prioritized? |
|
Definition
|
|
Term
What is the top level resource that you need to protect? |
|
Definition
|
|
Term
What are the following?:
o Security mechanisms (IDS, log analysis, alerts)
o Manual inspections
o Notification procedures
o Public reporting
o Confidential reporting / whistleblowing |
|
Definition
|
|
Term
What is coming up with plans and figuring out scenarios to test your plan around a table? |
|
Definition
|
|
Term
Incident Detection System |
|
Definition
|
|
Term
Incident Protection System |
|
Definition
|
|
Term
What is a member of CIRT taking charge of a reported incident? |
|
Definition
|
|
Term
What are the following?:
oWhat is the loss / potential for loss?
oWhat countermeasures are available?
oWhat evidence can be collected? |
|
Definition
The competing objectives that Containment response must satisfy. |
|
|
Term
What are the following?:
Investigation
Containment
Hot Swap
Prevention |
|
Definition
|
|
Term
What is allowing the attack to proceed while ensuring that valuable systems or data are not at risk? |
|
Definition
|
|
Term
What is it called when a backup system is brought into operation and the live system is frozen to preserve evidence of the attack? |
|
Definition
|
|
Term
What is it called when countermeasures to end the incident are taken on the live system (even though this may destroy valuable evidence)? |
|
Definition
|
|
Term
What are the following?:
• How was the incident allowed to develop?
• How could it be prevented / reduced in impact?
• Was incident response adequate? What could be improved? |
|
Definition
Lessons learned from an attack |
|
|