LESSON 17 PERFORMING INCIDENT RESPONSE - Coggle Diagram
17A: Summarize Incident Response Procedures
Incident Response Process
Cyber Incident Response Team
Communication Plan and Stakeholder Management
Communication Plan
Stakeholder Management
Incident Response Plan (IRP)
Cyber Kill Chain Attack Framework
Other Attack Frameworks
MITRE ATT&CK
The Diamond Model of Intrusion Analysis
Incident Response Exercise
Tabletop
Walkthrough
Simulations
Incident Response, Disaster Recovery, and Retention Policy
Incident Response vs Disaster Recovery and Business Continuity
Incident Response, Forensics, and Retention Policy
17B: Utilize Appropriate Data Sources for Incident Response
Trend Analysis
Logging Platforms
Syslog
Rsyslog and Syslog-ng
journalctl
NXLog
SIEM Dashboards
Sensitivity and Alerts
Sensors
Network, OS, and Security Log Files
System and Security Logs
Network Logs
Authentication Logs
Vulnerability Scan Output
Security Information and Event Management (SIEM)
Correlation
Retention
Application Log Files
DNS Event Logs
Web/HTTP Access Logs
VoIP and Call Managers and Session Initiation Protocol (SIP) Traffic
Dump Files
Incident Identification
First Responder
Analysis and Incident Identification
Metadata
File
Web
Email
Mobile
Network Data Sources
Protocol Analyzer Output
NetFlow/IPFIX
sFlow
Bandwidth Monitor
17C: Apply Mitigation Controls
Incident Containment
Isolation-Based Containment
Segmentation-Based Containment
Incident Eradication and Recovery
Firewall Configuration Changes
Content Filter Configuration Changes
Data Loss Prevention (DLP)
Mobile Device Management (MDM)
Update or Revoke Certificates
Endpoint Configuration Changes
Application Allow Lists and Block Lists
Quarantine
Security Orchestration, Automation, and Response (SOAR)
Adversarial AI