Sound the Alarm: Detection and Response: Module 3 Flashcards
(26 cards)
Analysis: Looking closely at alerts to understand if they're real.
Broken Chain of Custody: When evidence isn't tracked properly.
Business Continuity Plan (BCP): A plan to keep the business running during big problems.
Chain of Custody: Keeping track of who handled the evidence.
Containment: Stopping an attack from spreading.
Crowdsourcing: Getting help or information from lots of people online.
Detection: Finding out when something bad happens.
Documentation: Writing down what happened and what was done.
Eradication: Removing all parts of the attack.
Final Report: A full summary of the incident.
Honeypot: A fake system to catch attackers.
Incident Response Plan: A step-by-step guide for handling attacks.
Indicators of Attack (IoA): Clues showing an attack is happening.
Indicators of Compromise (IoC): Signs that a system was attacked.
Intrusion Detection System (IDS): A tool that watches for attacks.
Lessons Learned Meeting: A meeting to talk about what went wrong and how to improve.
Open-Source Intelligence (OSINT): Public info found online that helps in security work.
Playbook: A guide for what to do during an incident.
Post-Incident Activity: Looking back after an incident to learn from it.
Recovery: Getting things back to normal after an attack.
Resilience: Being ready to deal with problems and bounce back.
Standards: Rules that guide how things should be done.
Threat Hunting: Actively looking for hidden threats.
Threat Intelligence: Useful info about possible threats.