> Nitesh (Viewer) posted a new topic in Exam Preparation on 10-25-2020 07:34 PM in the (ISC)² Community:
> Dear Experts
Oh, I should shut up, then ...
> When any intrusion is detected what should be your first step?
Well, the first step is the most important, so:
> a) Eliminate all means of intruder access
Eliminating all means of intruder access probably means eliminating all means of
access for everyone, which is a good way to DoS yourself, so probably not a good
> b) Contain the intrusion
My choice. Limit the damage. *Then* take stock.
> c) Determine to what extent systems and data are compromised
Good, but ...
> d) Communicate with relevant parties
Can be left until later, and probably needs to be run by PR and legal beforehand,
> According to me, the best answer should be option c) as after incident
> detection our first step to respond by analysing and documenting/verify the
> impact of the incident and then we go for mitigation and containment of the
Yeah, we need to do that analysis, and it is important, but the first thing is to limit
the damage, so, b.
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
"Cybersecurity Lessons from CoVID-19" CRC Press 978-0-367-68269-9
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB
http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
This message may or may not be governed by the terms of