{"id":2990,"date":"2019-08-31T11:05:24","date_gmt":"2019-08-31T11:05:24","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=2990"},"modified":"2020-05-01T11:06:29","modified_gmt":"2020-05-01T11:06:29","slug":"incidence-response","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/","title":{"rendered":"Learning Incidence response"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>Incident response is an organized approach to addressing and managing the aftermath of a security incident.<\/li><li>The aim is to handle the situation in a way that limits damage and reduces recovery time and costs.<\/li><li>Ideally, incident response is carried out by the company\u2019s computer security incident response team (CSIRT).<\/li><li>The CSIRT has professionals from\n<ul>\n<li>IT<\/li>\n<li>legal<\/li>\n<li>human resources<\/li>\n<li>public relations<\/li>\n<\/ul>\n<\/li><li>The CSIRT follows the organization&#8217;s incident response plan.<\/li><li>Incident response planning means preparing ahead of time, so that a flight plan exists before it is needed.<\/li><\/ul>\n\n\n\n<p><strong>Incident Response Process<\/strong><\/p>\n\n\n\n<p>The steps, as defined in NIST SP 800-61, are:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Establish response objectives \u2013 goals may include\n<ul>\n<li>containing and mitigating the issue<\/li>\n<li>recovering affected resources<\/li>\n<li>preserving data for forensics and attribution<\/li>\n<\/ul>\n<\/li><li>Respond using the cloud \u2013 have response patterns ready for when an event occurs.<\/li><li>Preserve evidence \u2013 preserve logs, snapshots, and other evidence by copying them to a centralized security cloud account. 
Use tags, metadata, and mechanisms that enforce retention policies.<\/li><li>Use redeployment mechanisms \u2013 address any security anomaly that is found.<\/li><li>Automate where applicable \u2013 address repeat incidents through automation.<\/li><li>Select scalable solutions \u2013 the solution should scale with the application.<\/li><li>Learn and improve your process \u2013 if gaps are identified, fix them; simulations help to locate them.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"550\" height=\"232\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-123.png\" alt=\"\" class=\"wp-image-3680\"\/><\/figure>\n\n\n\n<p><strong>Incident response plan phases<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Prepare users to handle potential incidents.<\/li><li>Identify whether an event qualifies as a security incident.<\/li><li>Isolate affected systems to limit the damage caused by the incident.<\/li><li>Find the root cause and remove affected systems.<\/li><li>Recover affected systems.<\/li><li>Analyze the incident to learn from it and improve future responses.<\/li><\/ul>\n\n\n\n<p><strong>Metrics for measuring the effectiveness of incident response<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Number of incidents detected.<\/li><li>Number of incidents missed.<\/li><li>Number of incidents requiring action.<\/li><li>Number of repeat incidents.<\/li><li>The remediation timeframe.<\/li><li>Number of incidents that led to breaches.<\/li><\/ul>\n\n\n\n<p><strong>Best practices<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Identify the personnel and resources that will help respond to an incident.<\/li><li>Identify tooling that will help in incident response.<\/li><li>Develop incident response plans.<\/li><li>Automate containment capability.<\/li><li>Identify forensic capabilities.<\/li><li>Pre-provision access.<\/li><li>Pre-deploy tools.<\/li><li>Simulate incident 
response<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>It is an organized approach to address and manage aftermath of a security incident Aim to handle situation to limit damage and reduce recovery time and costs. Ideally, incident response is done by company\u2019s computer security incident response team (CSIRT), CSIRT has professionals from IT legal human resources public relations CSIRT follows organization&#8217;s incident response&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":2474,"menu_order":7,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[7,523],"class_list":["post-2990","page","type-page","status-publish","hentry","category-amazon-aws","tag-aws","tag-incidence-response"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Learning Incidence response - Testprep Training Tutorials<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Learning Incidence response - Testprep Training Tutorials\" \/>\n<meta property=\"og:description\" content=\"It is an organized approach to address and manage aftermath of a security incident Aim to handle situation to limit damage and reduce recovery time and costs. 
Ideally, incident response is done by company\u2019s computer security incident response team (CSIRT), CSIRT has professionals from IT legal human resources public relations CSIRT follows organization&#8217;s incident response...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-01T11:06:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-123.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/\",\"name\":\"Learning Incidence response - Testprep Training 
Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2019-08-31T11:05:24+00:00\",\"dateModified\":\"2020-05-01T11:06:29+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AWS Certified Security Specialty\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Learning Incidence response\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep 
Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Learning Incidence response - Testprep Training Tutorials","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/","og_locale":"en_US","og_type":"article","og_title":"Learning Incidence response - Testprep Training Tutorials","og_description":"It is an organized approach to address and manage aftermath of a security incident Aim to handle situation to limit damage and reduce recovery time and costs. Ideally, incident response is done by company\u2019s computer security incident response team (CSIRT), CSIRT has professionals from IT legal human resources public relations CSIRT follows organization&#8217;s incident response...","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2020-05-01T11:06:29+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-123.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/","name":"Learning Incidence response - Testprep Training Tutorials","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2019-08-31T11:05:24+00:00","dateModified":"2020-05-01T11:06:29+00:00","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/incidence-response\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"AWS Certified Security Specialty","item":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/"},{"@type":"ListItem","position":3,"name":"Learning Incidence response"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep 
Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2990","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=2990"}],"version-history":[{"count":5,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2990\/revisions"}],"predecessor-version":[{"id":5125,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2990\/revisions\/5125"}],"up":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2474"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=2990"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=2990"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=2990"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}