17. Lesson Recap

ND545 C3 L4 A08 Lesson Conclusion

While it's best to be proactive and stop security threats from becoming a problem as early as possible, you cannot prevent everything. Eventually something will go wrong, and it's important to be prepared for that. Cyber security breaches are on the rise, and having a solid process for responding to and containing an incident can save companies millions of dollars in damages and prevent catastrophe. That's what incident response is all about. At this point you know:

  • The relationship between incident response, disaster recovery and business continuity
  • How to distinguish events from incidents and recognize indicators of compromise
  • The incident response lifecycle
  • Key incident response team roles and core components of an incident response plan
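The second bullet, as an added example that is not part of the course material: every line of a constructed log is an event, and only the lines that match an indicator of compromise are escalated to an incident. The log format, the indicator values (documentation address ranges and a made-up hash) and the field-to-indicator mapping are all assumptions made for this example.

```python
"""Triage constructed log lines: which events carry an indicator of compromise?

Added example for this recap, not course material. The log format, the
indicator values and the escalation rule are all constructed for illustration.
"""
import re
from dataclasses import dataclass, field

# Made-up 64-hex-digit hash standing in for a known-bad file hash.
FAKE_HASH = "3b7e2c1d9a0f4e6b8c2d1e0f9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d3e2f1a0b"

# Constructed IoC list: the kind of feed a SOC would load from threat intel.
IOCS = {
    "ip": {"203.0.113.45", "198.51.100.7"},
    "domain": {"update-check.example.net"},
    "sha256": {FAKE_HASH},
}

# Constructed log lines: a DNS lookup, an outbound connection, a process
# execution and a login. Only two of them touch an indicator.
SAMPLE_LOG = rf"""
2024-05-01T10:00:01Z host=ws-17 action=dns domain=intranet.example.com
2024-05-01T10:00:05Z host=ws-17 action=conn src=10.0.0.17 dst=203.0.113.45 dport=443
2024-05-01T10:00:09Z host=ws-17 action=exec path=C:\Users\Public\svc.exe sha256={FAKE_HASH}
2024-05-01T10:01:00Z host=srv-02 action=login user=alice result=success
""".strip().splitlines()

LOG_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) (?P<kv>.*)$")

# Which log field is checked against which indicator type (assumed mapping).
FIELD_TO_IOC = (("dst", "ip"), ("src", "ip"), ("domain", "domain"), ("sha256", "sha256"))


@dataclass
class Event:
    """Any observable occurrence; it becomes an incident only if an IoC matches."""
    ts: str
    host: str
    fields: dict
    matched: list = field(default_factory=list)

    @property
    def is_incident(self) -> bool:
        return bool(self.matched)


def parse_line(line: str):
    """Turn one 'ts host=... k=v k=v' line into an Event, or None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    fields = dict(kv.split("=", 1) for kv in m["kv"].split() if "=" in kv)
    return Event(m["ts"], m["host"], fields)


def match_iocs(event: Event) -> Event:
    """Record every indicator the event's fields hit."""
    for fld, kind in FIELD_TO_IOC:
        value = event.fields.get(fld)
        if value and value.lower() in IOCS[kind]:
            event.matched.append(f"{kind}:{value.lower()}")
    return event


def triage(lines):
    """Return (all parsed events, the subset that should be escalated)."""
    events = [match_iocs(ev) for ev in map(parse_line, lines) if ev is not None]
    incidents = [ev for ev in events if ev.is_incident]
    return events, incidents


if __name__ == "__main__":
    events, incidents = triage(SAMPLE_LOG)
    print(f"{len(events)} events, {len(incidents)} escalated to incidents")
    for ev in incidents:
        print(f"  {ev.ts} {ev.host} matched {', '.join(ev.matched)}")
```

Running the block as a script prints the two escalated lines. The point of the structure is the `is_incident` property: an event is not an incident until something ties it to a known indicator, and the `matched` list records exactly which indicator did so, which is what the responder needs when the case is handed on.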

Glossary

Incident Response: The process of detecting and responding to a malicious, unintentional, or circumstantial cyber attack against an organization's information system(s) in order to limit its consequences.
Business Continuity: A predetermined process that describes how an organization's mission/business processes will be sustained during and after a significant disruption.
Disaster Recovery: A predetermined process that details how critical applications and processes will be restored to normal operations at the primary business site after a major hardware or software failure or the destruction of facilities.
Event: Any observable occurrence in an information system.
Indicator of compromise (IoC): An observable artifact, such as a file hash, IP address, domain name, or registry key, whose presence suggests that an event is in fact an incident.
Incident: An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information it processes, stores, or transmits, or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
Digital forensics: The application of computer science and investigative procedures to the examination of digital evidence.
Identifying: Finding and collecting the suspected original source or asset believed to contain evidence.
Preserving: Ensuring the integrity of the collected evidence (for example by hashing it and working only from a verified copy) and maintaining a "digital trail" of who handled the data or media, and when.
Analyzing: The investigative portion of the process, in which a forensics practitioner examines the acquired asset's or media's data for evidence of the suspected crime.
Reporting: Producing a report of the investigation's findings for presentation to stakeholders and, in some cases, to an attorney or a jury in court.
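The Preserving step above in code, as an added example that is not the course's own: hash the original on acquisition, keep a read-only working copy, re-hash before every analysis, and append each action to a custody trail that the Reporting step can later present. The evidence content, case number and examiner names are constructed for the example.

```python
"""Preserve a collected evidence file and keep a verifiable custody trail.

Added example for the glossary's forensics entries, not course code. The
evidence content, case number and examiner names are constructed; the
technique (hash on acquisition, read-only working copy, re-hash on every
access, append-only JSON trail) is standard forensic practice.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CUSTODY_SUFFIX = ".custody.json"


def now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large disk images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def save_record(record: dict) -> None:
    """Write the custody record next to the working copy."""
    with open(record["copy"] + CUSTODY_SUFFIX, "w", encoding="utf-8") as f:
        json.dump(record, f, indent=2)


def acquire(source: str, vault_dir: str, case_id: str, examiner: str) -> dict:
    """Copy the original into the vault, prove the copy matches, start the trail."""
    os.makedirs(vault_dir, exist_ok=True)
    source_hash = sha256_file(source)
    copy_path = os.path.join(vault_dir, f"{case_id}_{os.path.basename(source)}")
    shutil.copy2(source, copy_path)  # copy2 also preserves timestamps
    copy_hash = sha256_file(copy_path)
    if copy_hash != source_hash:
        raise RuntimeError("acquired copy does not match source; acquisition failed")
    os.chmod(copy_path, 0o440)  # analysts read the copy, never write it
    record = {
        "case_id": case_id,
        "source": os.path.abspath(source),
        "copy": copy_path,
        "sha256": source_hash,
        "trail": [{"ts": now(), "who": examiner, "action": "acquired", "sha256": copy_hash}],
    }
    save_record(record)
    return record


def verify(record: dict, examiner: str) -> bool:
    """Re-hash the working copy before any analysis and log the result."""
    current = sha256_file(record["copy"])
    intact = current == record["sha256"]
    record["trail"].append(
        {"ts": now(), "who": examiner, "action": "verified" if intact else "MISMATCH", "sha256": current}
    )
    save_record(record)
    return intact


def demo() -> dict:
    """Run the full flow on a constructed file, then tamper with the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "browser_history.db")
        with open(source, "wb") as f:
            f.write(b"constructed evidence: sqlite export of browser history\n")
        record = acquire(source, os.path.join(tmp, "vault"), "CASE-2024-0042", "examiner A")
        before = verify(record, "examiner B")
        # Simulate someone editing the working copy despite the read-only bit.
        os.chmod(record["copy"], 0o640)
        with open(record["copy"], "ab") as f:
            f.write(b"tampered\n")
        after = verify(record, "examiner B")
        return {
            "hash_len": len(record["sha256"]),
            "intact_before": before,
            "intact_after_tamper": after,
            "actions": [entry["action"] for entry in record["trail"]],
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The trail is deliberately appended to rather than rewritten: a report can then show that the hash recorded at acquisition matched at every check until the moment it did not, and who was handling the evidence at that point. In a real case the same hashes would also be recorded on paper or in a separate case-management system so the JSON file is not the only witness.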

As a side note, this is a foundational course meant to help you build the knowledge to become job-ready, but you will likely need additional training and/or coursework to obtain a job in this field. These foundations are vital to your success in this field and will set you up for what comes next.