Incident Response Plan Essentials

BeauteousTungsten

24 Questions

What is a common approach to cybersecurity incident handling that is considered a recipe for failure?

Figuring out the details when an incident happens

What is a key benefit of developing an incident response plan?

It helps ensure good judgment in the heat of an incident

What is typically included in a statement of purpose in an incident response plan?

The scope of the plan and the reasons for creating it

What should be clear in an incident response plan?

The priority of containing the incident over preserving evidence

Who is typically responsible for incident handling in an incident response plan?

Specifically designated responders with authority

What type of incidents might an incident response plan cover?

Both cybersecurity incidents and loss of sensitive information

Why is it important to have clear strategies and goals in an incident response plan?

To ensure responders make good decisions in the heat of an incident

What is the benefit of describing the nature of the organization's approach to incident response in a plan?

It clarifies the authority of responders during an incident

What is a crucial aspect of communication in an incident response plan?

Communicating within the team, with other groups and with third parties

What is the primary purpose of obtaining senior management approval in an incident response plan?

To demonstrate authority during incident response

Which of the following is a recommended resource for guiding incident response plan development?

NIST SP 800-61

Why is it important to consult other organizations' incident response plans?

To learn from their experiences and apply them to your organization

What is the primary role of an incident response team?

To respond to incidents and manage the response process

What is a key consideration when staffing an incident response team?

Having primary and backup personnel assigned to cover vacations and extended periods

Why is it important to have an incident response team available on a 24/7 basis?

To respond quickly to incidents that can occur at any time

What is a benefit of using a template for incident response planning?

It provides a starting point for developing a plan

What may happen if you file a report with law enforcement?

The details of the incident may become public

When should you contact law enforcement?

When you think there's a threat to safety or you have a legal obligation to report a specific kind of incident

Who should provide guidance on laws and regulations that apply to your organization?

Your legal team

What type of laws may require notification in the event of an incident?

Privacy laws

What should your communications plan describe?

Who you will communicate with and how you will communicate during an incident

Why should you have secure communication channels in place?

To prevent the release of information to the public or your adversary

What is the next step after having an incident response plan in place and a team prepared?

Incident response process enters a state of perpetual monitoring

What is the purpose of perpetual monitoring?

To watch for signs that an incident is occurring or has already taken place

Study Notes

Incident Response Plan

  • The incident response plan should cover communication within the team, with other groups within the organization, and with third parties.
  • The plan should include the approval of senior management to provide authority when taking unpopular actions during incident response.

Developing the Plan

  • Consult NIST SP 800-61 to guide decisions when developing the plan.
  • Look at existing plans developed by other organizations, such as Carnegie Mellon University's plan, to get a starting point.
  • The plan should include a statement of purpose, strategies and goals for incident response, and a description of the organization's approach to incident response.

Incident Response Team

  • Create an incident response team that is available 24/7 and has primary and backup personnel assigned to cover vacations and extended periods of operation.

Incident Response Process

  • The incident response process involves perpetual monitoring to watch for signs that an incident is occurring or has already taken place.
  • Incident response should prioritize containment over evidence preservation, if necessary.
  • The plan should describe clear strategies and goals for first responders and those handling incidents at a more strategic level.
  • Involve the legal team in incident response planning efforts to get guidance on laws and regulations that apply to the organization.
  • Consider notification requirements for incidents, such as reporting to law enforcement or government agencies, and timely notification of individuals in case of a personal information breach.
  • Ensure secure communication channels are in place before an incident occurs to share information with trusted employees and third parties.

Learn about the key components of an effective incident response plan, including communication and senior management approval.
