Domain 2 – BCM, DR & Incident Response
2.1: Incident response
2.2: Business Continuity
2.3: Disaster Recovery
Waleed Elnaggar
https://www.youtube.com/naggaracademy
Incident Response Concepts
• Breach
• Event
• Incident
• Exploit
• Intrusion
• Threat
• Vulnerability
• Zero Day
A breach is any incident that results in unauthorized access to computer data, applications, networks or devices, so that information is accessed without authorization. Typically, it occurs when an intruder is able to bypass security mechanisms.
Event
Any change in the everyday operations of a network or information technology service indicating that a security policy may have been violated or a security safeguard may have failed. In a computing context, events include any identifiable occurrence that has significance for system hardware or software. Security events are those that may have significance for the security of systems or data.
Incident
If a security event is confirmed to have a negative impact on availability, integrity or confidentiality, the event is termed a security incident. A security incident results in risk or damage to the resources and assets of an enterprise.
Exploit
Exploits are the means through which a vulnerability can be leveraged for malicious activity by hackers; these include pieces of software, sequences of commands, or even open-source exploit kits.
Intrusion
A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without having authorization to do so.
Threat
Cyber threats are harmful activities committed with the intent of destroying, stealing, or disrupting data and digital life in general. Computer viruses, data breaches, and Denial of Service (DoS) attacks are examples of such threats.
Vulnerability
A vulnerability is a weakness in an IT system that can be exploited by an attacker to deliver a successful attack. Vulnerabilities can arise through flaws, features or user error, and attackers will look to exploit any of them, often combining several, to achieve their end goal.
Zero Day
"Zero-day" is a broad term that describes recently discovered security vulnerabilities that hackers can use to attack systems. The term "zero-day" refers to the fact that the vendor or developer has only just learned of the flaw, which means they have "zero days" to fix it. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it.
Why Incident Response
Incident response is a cornerstone of any enterprise cybersecurity program. Responding to security incidents quickly, effectively and efficiently helps minimize damage, improve recovery time, restore business operations and avoid high costs.

The objective is to minimize incident impact and resume interrupted operations as soon as possible.

Safety comes first.
Incident Response Cycle
1. Preparation
• Formal policy and response plan/strategy
• Identify critical data/systems and single points of failure
• Team, roles and responsibilities
• Training and awareness
• Communication
• Documentation
• First response
2. Detection & Analysis
• Monitoring
• Incident analysis
• Prioritization
• Standardized incident documentation
3. Containment
• Choose an appropriate response strategy
• Isolate the impacted devices
• Recovery
• Gather evidence (chain of custody)
4. Post-incident Activity
• Lessons learned
• Formal incident report
• Legal requirements

CC 2-1 Incident response.pdf