Incident Management Overview and Life Cycle
Questions and Answers

What is the best time to determine who should be responsible for declaring a disaster?

What is the objective of containment?

What is the primary objective of incident response?

What is the MTO (maximum tolerable outage)?

On what basis is the prioritization of incident response determined?

Study Notes

Incident Management Overview

  • Incident management is a structured process for handling disruptive events so that their impact on business processes is minimized.
  • The information security manager is responsible for developing, documenting and testing the incident management procedures.

Incident Management Objectives

  • Early detection of incidents
  • Accurate incident investigation
  • Containment and damage minimization
  • Prompt service restoration
  • Root cause determination and prevention of recurrence

Incident Management Life Cycle

  • Planning and preparation (policy, roles, communication, procedures)
  • Detection, triage, and investigation (IDS, IPS, SIEM)
  • Containment and recovery (risk containment, evidence collection, business continuity plan, disaster recovery plan)
  • Post-incident review (evaluating cause/impact, identifying systemic weaknesses, improving processes)
  • Incident closure (assessing effectiveness, reporting to stakeholders)

Key Aspects from Exam Perspective

  • Best time to decide who is responsible for declaring a disaster: while the incident response plan is being prepared, not when the disaster occurs
  • Objective of containment: limiting the impact of the incident
  • Highest priority in incident response: safety of personnel
  • Primary objective of incident response: minimizing business disruption
  • Determining incident severity: requires input from the business process owner
  • Accepting partial recovery of a system: governed by the service delivery objective (SDO), the level of service acceptable while operating in alternate mode
  • Maximum Tolerable Outage (MTO): maximum time an organization can operate in alternate mode (for example from an alternate site)
  • Allowable Interruption Window (AIW): maximum time an organization can be down before suffering significant financial impact
  • Relationship between MTO and AIW: MTO should equal or exceed AIW
  • Order in which incidents are handled: based on the business impact analysis (BIA)
  • Determining the appropriate response when a fire occurs in a facility: check the facility access logs
  • Best way to address network denial-of-service (DoS) attacks: packet filtering firewall
  • First action when a laptop is identified as stolen: follow the reporting procedures
  • Essential BCP component: copies of the business continuity plan
  • Key priority once an incident occurs: containment
  • Major concern for the security manager in a security breach: a Trojan horse on an administrator's computer
  • Why severity must be determined promptly: so that resources can be prioritized across incidents
  • Key component of the incident response team manual: incident severity criteria
  • First action on a server compromise: isolate the server from the network
  • Value of an incident response plan: accurate incident reporting and handling procedures
  • Most important concern in detecting a security issue or threat: timely detection
  • Purpose of incident closure: evaluating effectiveness and reporting to stakeholders
  • Crucial element of incident management: security awareness training for employees
  • Crucial component of incident management: an established, clearly defined incident response and escalation process
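
The recovery metrics and prioritization rules above are easier to keep straight when written as checks. The following is an added worked example, not code from the quiz or from ISACA material: it validates a constructed BIA against the stated relationship (MTO must equal or exceed AIW, plus the generally accepted rule that RTO must not exceed AIW, which the notes do not state), then orders an incident queue with personnel safety first and business impact second. The class and function names, the severity bands, and the sample processes and incidents are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Recovery metrics for one business process, as a BIA records them.
# Times are in hours; SDO is the fraction of normal service that is
# acceptable while operating in alternate mode.
@dataclass(frozen=True)
class BusinessProcess:
    name: str
    rto: float  # recovery time objective: target time to restore the process
    aiw: float  # allowable interruption window: max downtime before serious financial impact
    mto: float  # maximum tolerable outage: max time the process can run in alternate mode
    sdo: float  # service delivery objective: acceptable service level in alternate mode


def validate_recovery_metrics(p: BusinessProcess) -> list:
    """Return the inconsistencies in one process's BIA figures.

    RTO must not exceed AIW (otherwise the plan restores service too late by
    design), MTO must equal or exceed AIW (alternate-mode operation must cover
    the whole interruption window), and SDO must be a fraction in (0, 1].
    """
    problems = []
    if p.rto > p.aiw:
        problems.append(f"{p.name}: RTO {p.rto}h exceeds AIW {p.aiw}h")
    if p.mto < p.aiw:
        problems.append(f"{p.name}: MTO {p.mto}h is shorter than AIW {p.aiw}h")
    if not 0 < p.sdo <= 1:
        problems.append(f"{p.name}: SDO {p.sdo} is not a fraction in (0, 1]")
    return problems


@dataclass(frozen=True)
class Incident:
    ident: str
    affected: tuple            # names of the business processes affected
    safety_risk: bool = False  # True if people are at risk (e.g. fire, smoke)


# Severity bands keyed on AIW: the shorter the window, the higher the
# severity. These thresholds are assumed for illustration; a real team
# takes them from its own severity criteria agreed with process owners.
SEVERITY_BANDS = ((4, 1), (24, 2), (72, 3))


def severity(incident: Incident, processes: dict) -> int:
    """Severity 1 (highest) to 4, from the tightest AIW among affected processes."""
    aiws = [processes[name].aiw for name in incident.affected if name in processes]
    if not aiws:
        return 4
    tightest = min(aiws)
    for limit, level in SEVERITY_BANDS:
        if tightest <= limit:
            return level
    return 4


def prioritize(incidents: list, processes: dict) -> list:
    """Order incidents for handling: personnel safety first, then business impact."""
    return sorted(
        incidents,
        key=lambda i: (not i.safety_risk, severity(i, processes), i.ident),
    )


# Constructed sample BIA and incident queue (not real data); the intranet
# wiki entry is deliberately inconsistent to show what validation catches.
PROCESSES = {
    "payments": BusinessProcess("payments", rto=2, aiw=4, mto=72, sdo=0.8),
    "payroll": BusinessProcess("payroll", rto=24, aiw=48, mto=240, sdo=0.5),
    "intranet wiki": BusinessProcess("intranet wiki", rto=96, aiw=72, mto=48, sdo=1.2),
}

INCIDENTS = [
    Incident("INC-3", affected=("intranet wiki",)),
    Incident("INC-1", affected=("payroll",)),
    Incident("INC-2", affected=("payments",)),
    Incident("INC-4", affected=("intranet wiki",), safety_risk=True),
]

if __name__ == "__main__":
    for proc in PROCESSES.values():
        for problem in validate_recovery_metrics(proc):
            print("BIA inconsistency:", problem)
    for inc in prioritize(INCIDENTS, PROCESSES):
        flag = "safety" if inc.safety_risk else ""
        print(inc.ident, "severity", severity(inc, PROCESSES), flag)
```

Run as a script, the wiki entry produces three findings and the queue comes out as INC-4 (safety risk, handled first regardless of its severity 3), INC-2 (payments, severity 1), then INC-1 and INC-3 (both severity 3). Sorting a low-impact process ahead of payments because a person is at risk is exactly the exam point: safety of personnel outranks the BIA ordering.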

Description

This quiz covers the fundamentals of incident management, including its objectives and life cycle phases. It explores early detection of incidents, effective containment strategies, and post-incident reviews. Perfect for students and professionals looking to enhance their knowledge in information security management.

BeneficialSagacity1258