Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?
A.
Investigation B.
Containment C.
Recovery D.
Lessons learned.
B.
Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?
A.
Investigation
B.
Containment
C.
Recovery
D.
Lessons learned.
B.
The incident response process is a set of procedures followed by an organization to identify, investigate, contain, eradicate, recover from, and document security incidents. The process ensures that an organization can quickly and effectively respond to a security incident, minimize damage, and restore normal operations as soon as possible. The four steps in incident response are:
A. Investigation: This step involves identifying and analyzing the security incident to determine its nature, scope, and severity. It may include collecting and analyzing data, examining system logs, and interviewing witnesses. The goal of this step is to gather as much information as possible about the incident to determine the appropriate response.
B. Containment: This step involves taking immediate actions to limit the impact of the incident and prevent it from spreading. It may include isolating affected systems, shutting down network access, or blocking specific IP addresses. The goal of this step is to prevent further damage and protect critical systems while maintaining business operations.
C. Recovery: This step involves restoring normal operations and services after the incident has been contained and eradicated. It may include restoring data from backups, reinstalling software, and reconfiguring systems. The goal of this step is to minimize downtime and restore business operations as quickly as possible.
D. Lessons learned: This step involves reviewing the incident response process to identify areas for improvement. It may include analyzing the incident response plan, documenting lessons learned, and providing feedback to stakeholders. The goal of this step is to continuously improve the incident response process and enhance the organization's overall security posture.
In summary, the step that involves actions to protect critical systems while maintaining business operations is the containment step. This step is critical to prevent further damage and ensure that the organization can continue to operate during and after the incident.