WHAT IS THE RISK OF STARTING TO CONTAIN AN INCIDENT PRIOR TO COMPLETING THE IDENTIFICATION PROCESS?

When you are notified that a user’s workstation or system is acting strangely and log files indicate system compromise, what is the first thing you should do to the workstation or system and why?

The first thing you should do is to isolate and quarantine the workstation. This is done in an attempt to stop the spread of the infection and/or close off access to the perpetrator.

When an antivirus program identifies a virus and quarantines this file, has the malware been eradicated?

No, this means the identified virus has been isolated so that it can no longer be activated. This does not mean that all malicious software has been eradicated or that all of it is even quarantined, given that a virus scan can potentially miss newer viruses if the antivirus software’s signature database is not up to date.

What is the SANS Institute’s six-step incident handling process?

Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.

What is the risk of starting to contain an incident prior to completing the identification process?

There is no risk in taking the infected workstation offline to prevent contamination of other workstations or servers on the network. The isolated machine should not be powered off; it should be left in its steady state for further analysis.

Why is it a good idea to have a security policy that defines the incident response process in your organization?

It is a good idea to have a security policy that defines the incident response process because it would allow users to act quickly and efficiently in the case of an attack or breach. At the very minimum, the security policy would list who to notify in this type of situation.

The post-mortem, lessons-learned step is the last in the incident response process. Why is this the most important step in the process?

There should always be a follow-up meeting to discuss the incident and make suggestions to improve the incident handling plan. Focus on preventing future occurrences of the incident that just happened.

The lessons learned during the debriefing can then be used to determine the changes that will be made to improve the incident response process next time it is put into effect.
