You work as a Senior Marketing Manager for Umbrella Inc.
You find that some of the software applications on the systems are malfunctioning and that you cannot access your remote desktop session.
You suspect that a malicious attack has been performed on the company's network.
You immediately call the incident response team to handle the situation. The team asks the Network Administrator for all relevant information regarding the malfunction.
The Network Administrator informs the incident response team that he was reviewing the security of the network, which caused all these problems.
The incident response team announces that this was a controlled event, not an incident.
Which of the following steps of an incident handling process was performed by the incident response team?
A. B. C. D.D.
The incident handling process is a set of procedures that are followed in the event of an actual or suspected security incident in an organization's IT infrastructure. The process consists of several steps, including preparation, identification, containment, eradication, and recovery.
In this scenario, the Senior Marketing Manager for Umbrella Inc. discovered that some of the software applications on the systems were malfunctioning, and they were unable to access their remote desktop session. They suspected that a malicious attack was performed on the network of the company and immediately called the incident response team to handle the situation.
The incident response team, in turn, asked the Network Administrator for all relevant information regarding the malfunction. The Network Administrator informed the incident response team that he was reviewing the security of the network, which caused all these problems. The incident response team then announced that this was a controlled event, not an incident.
Based on this information, the step performed by the incident response team was identification. Identification is the step where a security event or potential security event is detected, reported, and analyzed to determine its nature, scope, and potential impact. In this case, the incident response team was called to investigate the suspected malicious attack and identify the cause of the software malfunctioning and remote desktop session access problem.
Containment, on the other hand, is the step where the incident response team takes action to prevent the incident from spreading or causing further damage. Eradication is the step where the incident response team eliminates the cause of the incident and restores the affected systems and services. Preparation is the step where an organization develops and implements policies, procedures, and controls to prepare for potential security incidents.
In conclusion, the incident response team in this scenario performed the identification step, where they investigated the reported event to determine its nature, scope, and potential impact.