Incident Response and Recovery Flashcards
ISC2 Certified in Cybersecurity (CC) Flashcards

| Front | Back |
| --- | --- |
| Benefit of Cybersecurity Playbooks | Provide structured procedures for handling specific security incidents |
| Business Impact Analysis in Recovery | Identifies critical processes and prioritizes recovery efforts |
| Challenges of Third-Party Breaches in Incident Handling | Limited control and dependency on external entities |
| Cold Site in Recovery Strategy | A backup site requiring setup before use |
| Critical Component of Incident Response Team | Clear roles and responsibilities |
| Difference Between Detection and Identification | Detection finds potential threats; identification confirms them |
| Difference Between Proactive and Reactive Strategies | Proactive prevents incidents; reactive handles them after they occur |
| Disaster Recovery Testing | Regular testing to ensure disaster recovery plans are effective |
| First Step in Incident Response Plan | Assess the severity and classify the incident |
| Hot Site in Recovery Strategy | A fully operational backup site ready for immediate use |
| Importance of Documentation During Incident Response | Provides a record for post-incident analysis and continuous improvement |
| Importance of Employee Training in Incident Response | Reduces human errors and improves detection rates |
| Incident Response Phases | Identification, containment, eradication, and recovery |
| Key Element of Incident Handling | Proper classification of the incident |
| Key Metric for Incident Recovery | Mean Time to Recovery (MTTR) |
| Post-Incident Reviews | Analyze lessons learned and improve response processes |
| Primary Goal of Incident Response | Minimize the impact of security incidents |
| Purpose of Containment | Limit the damage and prevent further spread of the incident |
| Purpose of Threat Hunting | Proactively scan for potential threats before they become incidents |
| Role of Backups | Ensure data restoration to maintain business continuity |
| Role of Communication During Incidents | Ensures timely updates to stakeholders and mitigates misinformation |
| Role of Forensic Analysis in Incident Response | Collect evidence for litigation or understanding root cause |
| When to Engage Legal Teams | When incidents involve regulatory, legal, or sensitive data breaches |

About the Flashcards

Flashcards for the ISC2 Certified in Cybersecurity (CC) exam provide a focused review of incident response terminology and the response lifecycle. Cards cover identification, classification, containment, eradication, and recovery, plus detection versus identification distinctions, forensic analysis, documentation, and key metrics such as Mean Time to Recovery (MTTR).

They also reinforce practical concepts tested on the exam, including clear team roles and communication, use of playbooks, threat hunting, backup and disaster recovery strategies (hot and cold sites), disaster recovery testing, business impact analysis, post-incident reviews, when to involve legal teams, and challenges from third-party breaches.

Topics covered in this flashcard deck:
- Incident response phases
- Containment and recovery
- Forensic analysis
- Disaster recovery strategies
- Communication and roles
- Threat hunting and playbooks