Knowledge Statement Connection K4.13: Numerous methods


Knowledge Statement Connection (p. 74)

K4.13: Numerous methods exist to facilitate the gathering and evaluation of data relating to incident response.
K4.14: Plans are most effective when they take into account all of the resources available to the organization, including those provided externally.
K4.15: Adjustments to the information systems environment made during response activities need to be evaluated for security implications.
K4.17: Plans and procedures should take into account all requirements imposed from within and outside the organization.
K4.18: Organizations need objective methods of measuring the effectiveness of their plans as a basis for refinement.
Key Terms (p. 75)
©Copyright 2016 ISACA. All rights reserved.

Business impact analysis: A process to determine the impact of losing the support of any resource.
Chain of custody: A legal principle regarding the validity and integrity of evidence. It requires accountability for anything that will be used as evidence in a legal proceeding to ensure that it can be accounted for from the time it was collected until the time it is presented in a court of law.
Escalation: Increasing the scope and intensity of response activities, usually through notification of higher-level staff within an organization and the addition of resources.
See for more key terms.
Key Terms (p. 76)

Intrusion detection system: Inspects network and host security activity to identify suspicious patterns that may indicate a network or system attack.
Intrusion prevention system: A system designed to not only detect attacks, but also to prevent the intended victim hosts from being affected by the attacks.
Root cause: The underlying reason an incident happened.
Triage: The process of sorting, categorizing, and prioritizing events/items.
See for more key terms.
Effectiveness and Efficiency (p. 77)

An incident response plan should be effective and efficient.
Do as much as is needed to manage the risk.
Do as little as possible beyond what is needed to manage a risk.
The key is knowing what is reasonably likely for a given event.
Incident Management Systems (p. 78)

Distributed incident management systems: Consist of multiple specific incident detection capabilities. Example: IDS (network- and host-based).
Centralized incident management systems: Pull together data from distinct capabilities for common analysis. Example: SIEM.
SIEM (p. 79)

An effective SIEM will:
- Consolidate and correlate inputs from multiple systems
- Identify incidents or potential incidents
- Notify staff
- Prioritize incidents based on business impact
- Track incidents until they are closed
- Provide status tracking and notifications
- Integrate with major IT management systems
- Implement good practices guidelines
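As an added illustration of the distributed-versus-centralized distinction and of the SIEM functions listed above (example code written for this page, not ISACA's material): a small Python script consolidates alerts from a network IDS and a host IDS, correlates them per host, prioritizes by business impact, flags incidents for escalation and tracks each one to closure with its root cause. The alert line layout, the per-asset impact scores and the escalation threshold are constructed assumptions.

```python
from collections import defaultdict
# Constructed sample alerts from two distributed detection capabilities (a network
# IDS and a host IDS); the 'ts source k=v ...' layout is assumed, not ISACA's.
NIDS_ALERTS = [
    "2016-05-01T10:00:01 nids host=db01 sig=PORTSCAN sev=2",
    "2016-05-01T10:00:09 nids host=web01 sig=SQLI_ATTEMPT sev=3",
    "2016-05-01T10:02:15 nids host=db01 sig=BRUTE_FORCE sev=3",
]
HIDS_ALERTS = [
    "2016-05-01T10:02:30 hids host=db01 sig=NEW_ADMIN_USER sev=4",
    "2016-05-01T10:05:00 hids host=lab07 sig=FILE_CHANGE sev=1",
]
# Business impact score per asset, as a business impact analysis would rate it (constructed).
BUSINESS_IMPACT = {"db01": 5, "web01": 3, "lab07": 1}
ESCALATION_THRESHOLD = 12  # assumed cut-off for notifying higher-level staff

def parse(line):
    ts, source, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return {"ts": ts, "source": source, "host": fields["host"],
            "sig": fields["sig"], "sev": int(fields["sev"])}

def consolidate(*feeds):
    # Centralized step: every capability's alerts into one time-ordered list.
    return sorted((parse(l) for feed in feeds for l in feed), key=lambda e: e["ts"])

def correlate(events):
    """Group alerts per host; corroboration by several sources raises priority."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    incidents = []
    for host, evs in by_host.items():
        sources = sorted({e["source"] for e in evs})
        priority = max(e["sev"] for e in evs) * BUSINESS_IMPACT.get(host, 1) * len(sources)
        incidents.append({"host": host, "events": len(evs), "sources": sources,
                          "priority": priority, "status": "open",
                          "escalated": priority >= ESCALATION_THRESHOLD})
    return sorted(incidents, key=lambda i: i["priority"], reverse=True)

def close_incident(incidents, host, root_cause):
    """Track an incident until closed, recording the root cause with it."""
    for inc in incidents:
        if inc["host"] == host and inc["status"] == "open":
            inc["status"] = "closed"
            inc["root_cause"] = root_cause
            return inc
    raise KeyError(f"no open incident for {host}")

def triage():
    return correlate(consolidate(NIDS_ALERTS, HIDS_ALERTS))
```

Running `triage()` puts the database host first because three alerts from two independent sources hit the highest-impact asset, while the single low-severity lab alert sits last and is never escalated.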
Incident Management System Considerations (p. 80)

Some considerations for incident management systems include:
