CHAPTER 13 Incident Response and Handling

Objectives

Upon completion of this chapter, you will be able to answer the following questions:

  • What are the steps in the Cyber Kill Chain?

  • How do you classify an intrusion event using the Diamond Model?

  • How do you apply the VERIS schema to an incident?

  • What are the various goals of a given CSIRT?

  • How do you apply the NIST 800-61r2 incident handling procedures to a given incident scenario?

Key Terms

This chapter uses the following key terms. You can find the definitions in the Glossary.

Cyber Kill Chain

weaponization

command and control (CnC or C2)

Diamond Model

Vocabulary for Event Recording and Incident Sharing (VERIS)

Computer Security Incident Response ...

Get CCNA Cybersecurity Operations Companion Guide, First Edition now with the O’Reilly learning platform.