UoPX Advanced Cybersecurity Certification
Incident Response Management
Defining an Incident – any event should be considered an incident. A breach is when a bad actor or unauthorized user gains access (physical or network) to an area they are not allowed to access.
An incident is any event that has a negative effect on the confidentiality, integrity, or availability of an organization's assets - ITIL defines it as an unplanned interruption to an IT service or a reduction in the quality of an IT service.
A security incident is an incident that results from an attack or from malicious or intentional actions.
Some policies include examples such as:
Any attempted network intrusion
Any attempted DoS attack
Any detection of malicious software
Any unauthorized access of data
Any violation of security policies
Incident Response Steps
1. Detection
a. IDS/IPS
b. Anti-malware
c. Log scanning for predefined events
d. End user detection of an irregular activity
2. Response
a. Varies depending on the severity of the incident - handled by the CIRT (computer incident response team)
b. Trained members respond and investigate, assess damage, collect evidence, report, and recover
3. Mitigation
a. Goal is to limit the effect or scope of an incident
4. Reporting
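Step 1c (log scanning for predefined events) combined with the policy examples listed above, as an added Python example that is not part of these notes: each rule maps a log pattern to an incident category, the CIA property it affects, and a severity that selects the CIRT response (step 2a). The rule patterns, severity levels, CIA mapping, response text, and sample log lines are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Predefined event rules (constructed for this example): a regex over a log line,
# the incident category from the policy examples above, the CIA property most
# directly affected, and a severity that drives the response in step 2.
RULES = [
    (r"IDS ALERT .*(port scan|exploit attempt)", "attempted network intrusion", "confidentiality", "high"),
    (r"SYN flood|rate limit exceeded", "attempted DoS attack", "availability", "high"),
    (r"(malware|trojan|ransomware) detected", "malicious software detected", "integrity", "critical"),
    (r"ACCESS DENIED .*confidential", "unauthorized access of data", "confidentiality", "high"),
    (r"policy violation", "security policy violation", "confidentiality", "medium"),
]

# Severity -> CIRT response (step 2a): the response varies with severity.
RESPONSE = {
    "critical": "page CIRT, isolate host, preserve evidence",
    "high": "notify CIRT, open investigation",
    "medium": "open ticket for review",
}

@dataclass
class Incident:
    line: str
    category: str
    affected: str
    severity: str
    response: str

def scan_logs(text: str) -> list[Incident]:
    """Return one Incident per log line that matches a predefined event rule."""
    incidents = []
    for line in text.splitlines():
        for pattern, category, affected, severity in RULES:
            if re.search(pattern, line, re.IGNORECASE):
                incidents.append(Incident(line, category, affected, severity, RESPONSE[severity]))
                break  # first matching rule wins; ordinary events produce nothing
    return incidents

# Constructed sample log lines (RFC 5737 documentation addresses, invented hosts).
SAMPLE_LOGS = """\
2024-05-01T10:00:01 fw01 IDS ALERT port scan from 203.0.113.7 to 10.0.0.5
2024-05-01T10:00:09 web01 rate limit exceeded: 12000 req/s from 198.51.100.0/24
2024-05-01T10:01:30 av01 trojan detected in C:\\Users\\alice\\Downloads\\invoice.exe
2024-05-01T10:02:00 fs01 ACCESS DENIED user=bob path=/finance/confidential/payroll.xlsx
2024-05-01T10:02:45 proxy01 policy violation: user=carol unapproved cloud upload
2024-05-01T10:03:00 web01 GET /index.html 200
"""

if __name__ == "__main__":
    for inc in scan_logs(SAMPLE_LOGS):
        print(f"[{inc.severity}] {inc.category} ({inc.affected}) -> {inc.response}")
```

The last sample line is a normal request and produces no incident, which is the distinction between an event and a security incident drawn above.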