CHAPTER 13 Incident Response and Handling
Objectives
Upon completion of this chapter, you will be able to answer the following questions:
What are the steps in the Cyber Kill Chain?
How do you classify an intrusion event using the Diamond Model?
How do you apply the VERIS schema to an incident?
What are the various goals of a given CSIRT?
How do you apply the NIST 800-61r2 incident handling procedures to a given incident scenario?
Key Terms
This chapter uses the following key terms. You can find the definitions in the Glossary.
command and control (CnC or C2)
Vocabulary for Event Recording and Incident Sharing (VERIS)