64 Cards in this Set

  • Front
  • Back
The three staffing models for the SIRT are _____, Partially Outsourced, and Fully Outsourced.
Employees
The three staffing models for the SIRT are Employees, _____ Outsourced, and Fully Outsourced.
Partially
The three staffing models for the SIRT are Employees, Partially Outsourced, and _____ Outsourced.
Fully
The five typical stakeholders included on the IR planning committee are _____ of _____ (such as general management, IT management, and InfoSec management), Organizational departments (such as Legal and HR), Public Relations department, General End Users, and Other groups (such as physical security, auditing and risk management, insurance, key business partners, contractors, temporary employee agencies, and consultants).
Communities of interest
The five typical stakeholders included on the IR planning committee are Communities of interest (such as general management, IT management, and InfoSec management), _____ departments (such as Legal and HR), Public Relations department, General End Users, and Other groups (such as physical security, auditing and risk management, insurance, key business partners, contractors, temporary employee agencies, and consultants).
Organizational
The five typical stakeholders included on the IR planning committee are Communities of interest (such as general management, IT management, and InfoSec management), Organizational departments (such as Legal and HR), _____ _____ department, General End Users, and Other groups (such as physical security, auditing and risk management, insurance, key business partners, contractors, temporary employee agencies, and consultants).
Public Relations
The five typical stakeholders included on the IR planning committee are Communities of interest (such as general management, IT management, and InfoSec management), Organizational departments (such as Legal and HR), Public Relations department, General _____ _____, and Other groups (such as physical security, auditing and risk management, insurance, key business partners, contractors, temporary employee agencies, and consultants).
End Users
The five typical stakeholders included on the IR planning committee are Communities of interest (such as general management, IT management, and InfoSec management), Organizational departments (such as Legal and HR), Public Relations department, General End Users, and _____ groups (such as physical security, auditing and risk management, insurance, key business partners, contractors, temporary employee agencies, and consultants).
Other
General Management is an example of _____.
Communities of interest
IT management is an example of _____.
Communities of interest
Infosec management is an example of _____.
Communities of interest
The Legal department is an example of _____.
Organizational departments
The HR department is an example of _____.
Organizational departments
Physical security is an example of _____.
Other groups
Auditing and risk management are examples of _____.
Other groups
Insurance is an example of _____.
Other groups
Key business partners are examples of _____.
Other groups
Contractors are examples of _____.
Other groups
Temporary employee agencies are examples of _____.
Other groups
Consultants are examples of _____.
Other groups
Verify an actual incident is occurring is an action taken when?
During the Incident
Determine the extent of exposure is an action taken when?
During the Incident
Attempt to contain or quarantine the damage is an action taken when?
During the Incident
Continue to look for small “flare-ups” is an action taken when?
During the Incident
Stages necessary to recover from the most likely events of the incident is an action taken when?
After the Incident
Protection from follow-on incidents is an action taken when?
After the Incident
Forensics analysis is an action taken when?
After the Incident
After-action review (AAR) is an action taken when?
After the Incident
Implement good information technology and information security practices is an action taken when?
Before an Incident
Implement preventative measures to manage risks is an action taken when?
Before an Incident
Ensure preparedness of the IR team is an action taken when?
Before an Incident
Presence of unfamiliar files is what type of incident indicator?
Possible
Presence or execution of unknown programs or processes is what type of incident indicator?
Possible
Unusual consumption of computing resources is what type of incident indicator?
Possible
Unusual system crashes is what type of incident indicator?
Possible
Activities at unexpected times is what type of incident indicator?
Probable
Presence of new accounts is what type of incident indicator?
Probable
Reported attacks is what type of incident indicator?
Probable
Notification from an intrusion detection system (IDS) is what type of incident indicator?
Probable
Use of dormant accounts is what type of incident indicator?
Definite
Changes to logs is what type of incident indicator?
Definite
Presence of hacker tools is what type of incident indicator?
Definite
Notifications by partner or peer is what type of incident indicator?
Definite
Notification by hacker is what type of incident indicator?
Definite
Loss of availability of information or systems is an indicator of what?
Actual Incident Underway
Loss of integrity of data is an indicator of what?
Actual Incident Underway
Loss of confidentiality (leaks or disclosures) is an indicator of what?
Actual Incident Underway
Violation of policy is an indicator of what?
Actual Incident Underway
Violation of law is an indicator of what?
Actual Incident Underway
The failure of an intrusion detection system to react to an actual attack event. Of all failures, this is the most grievous. (Attack is happening but no alarm has been triggered)
False Negative
An alarm or alert that indicates an attack is in progress or that an attack has successfully occurred, when in fact there was no attack. (No attack, yet an alarm has been triggered)
False Positive
Attack is happening and the IDS alarm has been triggered
True Positive
No Attack and No Alarm
True Negative
What is another term for a False Positive?
Noise
Legitimate activities wrongly reported as incident candidates
Noise
How may false positives be reduced?
Moving sensor to reduce noise
An intrusion detection system that resides on a particular computer or server, known as the host, and monitors activity only on that system.
Host-based IDS (HIDS)
Monitors traffic on a segment of an organization's network. A NIDS looks for indications of ongoing or successful attacks and resides on a computer or appliance connected to that network segment.
Network-based IDS (NIDS)
An intrusion detection system that focuses its monitoring and analysis on a specific application protocol or protocols in use by the computing system.
Application protocol-based IDS (APIDS)
Monitors an application
Application-based IDS (AppIDS)
Monitors a computer or server
Host-based IDS (HIDS)
Monitors network traffic
Network-based IDS (NIDS)
The two approaches to detecting IDS events are by _____: examines data traffic in search of known patterns; and Statistical anomaly-based IDS: compares stored baselines of normal activity against current activity.
Signature-based IDS (knowledge-based IDS)
The two approaches to detecting IDS events are by Signature-based IDS (knowledge-based IDS): examines data traffic in search of known patterns; and _____: compares stored baselines of normal activity against current activity.
Statistical anomaly-based IDS