Which of the following are the six different phases of the Incident handling process? Each correct
answer represents a complete solution. Choose all that apply.
A.
Containment
B.
Identification
C.
Post mortem review
D.
Preparation
E.
Lessons learned
F.
Recovery
G.
Eradication
Explanation:
Following are the six different phases of the Incident handling process:
1.Preparation: Preparation is the first step in the incident handling process. It includes processes
like backing up copies of all key data on a regular basis, monitoring and updating software on a
regular basis, and creating and implementing a documented security policy. To apply this step a
documented security policy is formulated that outlines the responses to various incidents, as a
reliable set of instructions during the time of an incident. The following list contains items that the
incident handler should maintain in the preparation phase i.e. before an incident occurs:
Establish applicable policies
Build relationships with key players
Build response kit
Create incident checklists
Establish communication plan
Perform threat modeling
Build an incident response team
Practice the demo incidents
2.Identification: The Identification phase of the Incident handling process is the stage at which the
Incident handler evaluates the critical level of an incident for an enterprise or system. It is an
important stage where the distinction between an event and an incident is determined, measured
and tested.
3.Containment: The Containment phase of the Incident handling process supports and builds up
the incident combating process. It helps in ensuring the stability of the system and also confirms
that the incident does not get any worse.
4.Eradication: The Eradication phase of the Incident handling process involves the cleaning-up of
the identified harmful incidents from the system. It includes the analyzing of the information that
has been gathered for determining how the attack was committed. To prevent the incident from
happening again, it is vital to recognize how it was conceded out so that a prevention technique is
applied.
5.Recovery: Recovery is the fifth step of the incident handling process. In this phase, the Incident
Handler places the system back into the working environment. In the recovery phase the Incident
Handler also works with the questions to validate that the system recovery is successful. This
involves testing the system to make sure that all the processes and functions are working normal.
The Incident Handler also monitors the system to make sure that the systems are not
compromised again. It looks for additional signs of attack.
6.Lessons learned: Lessons learned is the sixth and the final step of incident handling process.
The Incident Handler utilizes the knowledge and experience he learned during the handling of theincident to enhance and improve the incident-handling process. This is the most ignorant step of
all incident handling processes. Many times the Incident Handlers are relieved to have systems
back to normal and get busy trying to catch up other unfinished work. The Incident Handler should
make documents related to the incident or look for ways to improve the process.
Answer option C is incorrect. The post mortem review is one of the phases of the Incident
response process.