Incident Response Plan Transcription

Welcome to our incident response plan module. It is very important that you create an incident response plan, or IRP, for your organization. This is a risk management plan that will define controls to help reduce breaches or incidents. And if a breach does occur, it will help you to mitigate the risk of that breach.

You need to make sure that you have the ability in your organization to respond to an incident, and therefore you will have to create and set up an incident response team. Incidents will occur regularly in any enterprise environment. Your incident response will need to prioritize what needs to be responded to immediately and what can be delayed.

Your management will define the scope and goals of the incident response team and the incident response policy. You need to make sure that you have agency structured roles and responsibilities for all the members of the team. CERT teams, or computer emergency response teams, can help your administrators as necessary.

You should have well-defined procedures that detail the appropriate responses to incidents. And you may be required to report some incidents to the local authorities, depending on the type of regulations that affect your industry. When an incident occurs, it is important that you manage the incident properly by following your incident response plan.

Incident response plans have several steps. The detection phase is probably the most important phase of the incident management plan. Because if you cannot detect that something is going wrong, you will not be able to respond to it. The detection phase involves detecting that an event is occurring and determining what type of response is necessary if any.

During the response phase, you will respond to the incident and learn more about what is occurring. In the mitigation phase, you will need to stop the incident. For example, if an attacker has gained access to your network and is exfiltrating data off of your system, you will need to make sure that that hacker is disconnected from the system immediately and that you stop them from removing your critical information.

During the reporting phase, you will report back to your management staff and your stakeholders and explain to them the steps that you have taken and the type of incident that you're dealing with. During the recovery phase, you will attempt to get the systems back online to their pre-incident status where everything is functioning properly and is secured again.

During the remediation and possible reporting phase, you will need to make sure that you take steps to protect any data that may have been leaked and notify the individuals involved in the breach. You may also need to report the incident to the government, depending on the type of regulations involved in your industry.

After the incident has been completed, you will want to take a look at the lessons learned. Take a look at how you responded to the incident and see what could be improved for future incidents. And also take a look to see how the incident occurred and how you could prevent those types of incidents from occurring in the future, such as installing a burglar alarm if an individual physically gained access to your building and perhaps installing an intrusion prevention system if an individual is able to access your network remotely.

When an incident occurs, it is critical that you follow your incident response plan. This plan will give you procedures for responding to different types of situations and it's typically focused on common types of attacks and vulnerabilities.

Many incidents are caused by your inside users, so it is important to train them with appropriate computer security tips and also monitor them to make sure that they are not taking malicious actions in your organization. When you're managing the incident, you need to determine if your confidentiality, integrity, or availability were breached and you could have an incident where all three were affected.

You should prepare in advance how you will detect, triage, respond, and recover from incidents. This should be part of your security training and awareness for your employees. It is important that you contain the damage from the detected incident before it spreads throughout your network. You should repair the damage as soon as possible in order to prevent the damage from spreading and also to prevent the attacker from being able to access other systems on your network.

You will need to evaluate the incident to determine the threat caused, the priority of the incident, and the response that's needed as well as the scope of the incident. For example, did the attacker access only one system, or did they have access to your entire network? Lessons learned is very important to help you reduce future risks and to determine the root cause of the incident.

Depending on the type of incident that you're dealing with, you may be required by law to report the incident. You should have a section in your incident response plan that details how individuals should handle incidents, how they should report the incidents, and who they should report them to.

And they should be integrated as well into your disaster recovery and contingency planning. For the CISSP examination, you should remember that the lessons learned phase is very valuable for preventing future attacks and for determining how the attack occurred in the first place. When you need to respond to a computer incident, you should follow your response plan.

It is very important that you have a plan in place before an incident occurs. Otherwise your employees may not know how to respond to the incident. If you're handling the incident in-house, you should have an incident response team that can be available very quickly when an incident occurs and be available to travel to the location of the incident.

Your computer emergency response team should have certain items available at their disposal in case an incident occurs. They should have a list of outside agencies and resources that they may need to contact for assistance or that they may be required to report incidents to. They should have a contact list of all of the members of the computer emergency response team, so that they can contact them in the event of an emergency.

If your CERT team members are not familiar or trained in computer forensics, they should have a list of computer experts that they can contact if necessary. They should have steps on how to search for evidence, how to secure it properly and how to preserve it in case that evidence needs to be used in court at a later time.

These employees should have a list of items that they are required to include on their reports and they should have access to a sample report if possible. They should also have a list of different systems in your organization and how they should treat these systems with different types of situations that may occur.

This concludes our incident response plan module. Thank you for watching.
