Unit 8 Lab 1
Craft a Security or Computer Incident Response Policy – CIRT Response Team
3. Why is it a good idea to include human resources on the Incident Response Management Team?
Most organizations realize that there is no one solution or panacea for securing systems and data; instead, a multi-layered security strategy is required.
4. Why is it a good idea to include legal or general counsel on the Incident Response Team?
An incident response must be decisive and executed quickly. Because there is little room for error, it is critical that practice emergencies are staged and response times measured.
5. How do an incident response plan and team help reduce the risk to the organization?
While preventing such attacks would be the ideal course of action for organizations, not all ...
To minimize the number and impact of security incidents.
7. If you cannot cease the spreading, what should you do to protect your non-impacted mission critical IT infrastructure assets?
This research project will explore the significance of the Stuxnet worm as a call to action and focus attention on protecting, defending, detecting possibly malicious activity, and responding to security incidents as well as mitigating risks that impact critical infrastructure.
8. When a security incident has been declared, does a PC technician have full access and authority to seize and confiscate a vice-president’s laptop computer? Why or why not?
9. In which step of the incident response methodology should you document the steps and procedures to replicate the solution?
As a foundation for later sections, this section provides an overview of the various categories of malware, which include viruses, worms, Trojan horses, and malicious mobile code, as well as combinations of these, known as blended attacks.
11. What is a policy definition required for a computer security incident response team?
It is an organization that receives reports of security breaches, conducts analyses of the reports, and responds to the senders.
12. What is the purpose of having well-documented policies as they relate to the CSIRT function and distinguishing events versus an incident?
CSIRT. A rapid, accurately targeted, and effective response can minimize the overall damage to finances, hardware, and software caused by a specific incident.
15. Why are file integrity monitoring alerts/alarms a critical application and tool for CSIRT incident response identification?
* Minimize the number and severity of security incidents.
* Assemble the core Computer Security Incident Response Team (CSIRT).
* Define an incident response plan.
* Contain the damage and minimize risks.