Online Courses
Cyber Incident Response

Identifying threats and vulnerabilities

Why threat identification is important

Identifying the threat can itself be part of the response

Knowledge of the threat is often needed to respond properly

There are many kinds of threats to an organization's information

Insider threats

Not as big a threat as in the past, but still common

Some insider threats are unintentional

Still often overlooked

The insider category should include contractors, suppliers and even customers!

Outside threats

  • APTs and other threat actors

  • Malware

  • Viruses

  • Script kiddies

  • Competitors

Natural disasters

Often cannot be quantified

Could result in loss of life (most serious loss)

Uneducated end users

Attacks on end users are the most common cause of breaches

  • Phishing attacks, other social engineering, etc.

Training programs should include some knowledge of IR

End users are also often the first to notice indicators of an attack

Unqualified IT/security staff

Perhaps the biggest gap

Fixable with appropriate training and resources

Well-trained staff can be the best source of defense

  • Poorly trained staff can also be the biggest vulnerability

Ransomware

Becoming more prevalent

Becoming harder to stop

Ransomware operators are getting smarter and expanding their scope
