CSIA 310 Week 1 Incident Handling
Questions & Answers 100% Verified
FISMA - Correct Answer-The Federal Information Security Management Act
(FISMA) requires
Federal agencies to establish incident response capabilities
Point of contact requirement - Correct Answer-Each Federal civilian agency must
designate a
primary and secondary point of contact (POC) with US-CERT and report all
incidents consistent
with the agency's incident response policy.
US-CERT - Correct Answer-United States Computer Emergency Readiness Team
Establishing an incident response capability actions - Correct Answer-Creating an
incident
response policy and plan
Developing procedures for performing incident handling and reporting
Setting guidelines for communicating with outside parties regarding incidents
Selecting a team structure and staffing model
, CSIA 310 Week 1 Incident Handling
Questions & Answers 100% Verified
Establishing relationships and lines of communication between the incident
response team and
other groups, both internal (e.g., legal department) and external (e.g., law
enforcement agencies)
Determining what services the incident response team should provide 1
Staffing and training the incident response team.
Reducing incidents - Correct Answer-Organizations should reduce the frequency
of incidents by
effectively securing networks, systems,
and applications.
Document interactions - Correct Answer-Organizations should document their
guidelines for
interactions with other organizations regarding incidents.
Prepardness - Correct Answer-Organizations should be generally prepared to
handle any incident
, CSIA 310 Week 1 Incident Handling
Questions & Answers 100% Verified
but should focus on being prepared to handle incidents that use common attack
vectors.
Attack Vectors - Correct Answer-External/Removable Media: An attack executed
from
removable media (e.g., flash drive, CD) or a peripheral device.
Attrition: An attack that employs brute force methods to compromise, degrade,
or destroy
systems, networks, or services.
Web: An attack executed from a website or web-based application.
Email: An attack executed via an email message or attachment.
Improper Usage: Any incident resulting from violation of an organization's
acceptable usage
policies by an authorized user, excluding the above categories.
Loss or Theft of Equipment: The loss or theft of a computing device or media
used by the
, CSIA 310 Week 1 Incident Handling
Questions & Answers 100% Verified
organization, such as a laptop or smartphone.
Other: An attack that does not fit into any of the other categories.
detection - Correct Answer-Organizations should emphasize the importance of
incident detection
and analysis throughout the organization.Automation is needed to perform an
initial analysis of
the data and select events of interest for human review. Event correlation
software can be of
great value in automating the analysis process.
prioritize - Correct Answer-Organizations should create written guidelines for
prioritizing
incidents.
Lessons learned - Correct Answer-Organizations should use the lessons learned
process to gain
value from incidents.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller KarmaScores. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $15.49. You're not tied to anything after your purchase.
