ISTM 655 FINAL EXAM QUESTIONS WITH COMPLETE SOLUTION

How many SMEs don't have a response plan? - CORRECT ANSWERS 30%

SME - CORRECT ANSWERS small and medium enterprise

Incident response phases - CORRECT ANSWERS
- preparation
- identification
- containment
- eradication
- recovery
- lessons learned

Preparation questions - CORRECT ANSWERS
- has everyone been trained on security policies?
- does incident response team know their roles and the required notifications to make? etc.

Identification questions - CORRECT ANSWERS
- when did the event happen
- how was it discovered
- have any other areas been impacted? etc.

containment questions - CORRECT ANSWERS
- what's been done to contain the breach short term/long term?
- what sort of backups are in place
- have all access credentials been reviewed for legitimacy, hardened and changed?

eradication questions - CORRECT ANSWERS
- have artifacts/malware from the attacker been removed?
- has the system been hardened, patched, and updates applied?
- can the system be re-imaged?

recovery questions - CORRECT ANSWERS
- when can the systems be returned to production?
- can the system be restored from a trusted backup?
- how long will the affected systems be monitored and what will you look for when monitoring?

lessons learned questions - CORRECT ANSWERS
- what changes need to be made to the security?
- how should employees be trained differently?
- what weakness did the breach exploit?

Experian Data Breach: average cost per lost or stolen record - CORRECT ANSWERS $148

Experian Data Breach: average cost savings per record with an incident response team - CORRECT ANSWERS $14

Experian Data Breach: number of records compromised in 2017 due to employee negligence or error - CORRECT ANSWERS 149,927,550

Experian Data Breach: the average cost of a data breach - CORRECT ANSWERS $3.86 million

response team - CORRECT ANSWERS
- customer care
- executive leaders
- incident lead
- IT
- legal
- PR
- HR
- key outside partners

first 24 hours after an incident - CORRECT ANSWERS
- record moment of discovery
- alert and activate everyone
- secure the premises
- stop additional data loss
- document everything
- interview involved parties
- review notification protocol
- assess priorities and risks
- notify law enforcement

after day 1 of incident - CORRECT ANSWERS
- identify the cause
- alert your external partners
- continue working with forensics
- identify legal obligations
- report to upper management
- identify conflicting initiatives
- evaluate response and educate employees

cyber insurance - CORRECT ANSWERS
- $3-4 billion market in gross written premiums

average total cost of a breach is - CORRECT ANSWERS
- $4 million globally
- $7 million in the US

Why follow US-CERT Federal Incident Notification Guidelines - CORRECT ANSWERS
- greater quality of information.... alignment with incident reporting and handling guidance to better recognize significant incidents
- improved information sharing and situational awareness
- faster incident response time

US-CERT notification requirement - CORRECT ANSWERS
- must report information security incidents to the NCCIC/US-CERT within ONE HOUR of being identified

Written for
- Institution: ISTM 655
- Course: ISTM 655

Document information
- Uploaded on: March 17, 2023
- Number of pages: 19
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions & answers