COURSE 8 – PUT IT TO WORK: PREPARE FOR CYBERSECURITY JOBS

Module 2: Escalate Incidents  

GOOGLE ADVANCED DATA ANALYTICS PROFESSIONAL CERTIFICATE

Complete Coursera Study Guide

INTRODUCTION – Escalate Incidents

In this module, participants examine incident prioritization and escalation, two processes that directly affect the safety and integrity of business operations. The module explains the decision-making framework security professionals use and shows how their choices help maintain an organization's security posture.

By understanding how incidents are prioritized, participants learn the methods used to assess the severity and urgency of different incidents. The discussion of incident escalation then covers the procedures through which security professionals raise the response level according to how critical a situation is. Together, these topics give learners the knowledge and skills needed to make informed incident-management decisions that protect organizational assets and sustain cybersecurity resilience.

Learning Objectives

  • Define incident escalation from a security analyst perspective.
  • Explore the various security incident classification types.
  • Recognize the impact various security incidents have on business operations.
  • Determine when and how to escalate a security incident.

TEST YOUR KNOWLEDGE: TO ESCALATE OR NOT TO ESCALATE

1. Fill in the blank: A malware infection is an incident type that occurs when _____.

  • a computer’s speed and performance improves
  • an employee of an organization violates the organization’s acceptable use policies
  • a website experiences high traffic volumes
  • malicious software designed to disrupt a system infiltrates an organization’s computers or network (CORRECT)

2. Fill in the blank: Improper usage is an incident type that occurs when _____.

  • an employee that runs an organization’s public relations posts incorrect data on the company’s social media page
  • an individual gains digital or physical access to a system or application without permission
  • malicious software designed to disrupt a system infiltrates an organization’s computers or network
  • an employee of an organization violates the organization’s acceptable use policies (CORRECT)

Improper usage is an incident type that occurs when an employee of an organization violates the organization’s acceptable use policies.

3. When should you escalate improper usage to a supervisor?

  • Improper usage incidents should always be escalated out of caution. (CORRECT)
  • Improper usage incidents should be escalated if there is a high level of improper usage.
  • Improper usage attempts that affect high-priority assets should be escalated; other improper usage instances are not as important.
  • Improper usage does not need to be escalated because these are in-house scenarios that can be handled without reporting them to the security team.

Improper usage should always be escalated.

4. Fill in the blank: Unauthorized access is an incident type that occurs when _____.

  • malicious software designed to disrupt a system infiltrates an organization’s computers or network
  • an employee of an organization violates the organization’s acceptable use policies
  • an individual gains digital or physical access to a system, data, or an application without permission (CORRECT)
  • an authorized employee sends a job description to a friend before the job description has been released to the public

Unauthorized access is an incident type that occurs when an individual gains digital or physical access to a system, data, or an application without permission.

TEST YOUR KNOWLEDGE: TIMING IS EVERYTHING

1. All security incidents should be escalated.

  • True
  • False (CORRECT)

Not all security incidents should be escalated. However, most should be escalated and some are more urgent than others.

2. You’ve recently been hired as a cybersecurity analyst for an office supply organization. Which incident can have the most impact on the organization’s operations?

  • The organization’s guest Wi-Fi network is down
  • An employee forgets their login credentials
  • The organization’s manufacturing network is compromised (CORRECT)
  • A user’s social media profile has the wrong birthday displayed

A manufacturing network is a major part of an organization’s business operations. If it is compromised, it can lead to major financial loss.

3. Fill in the blank: A(n) _____ is a set of actions that outlines who should be notified when an incident alert occurs and how that incident should be handled.

  • event
  • escalation policy (CORRECT)
  • security incident
  • playbook

An escalation policy is a set of actions that outlines who should be notified when an incident alert occurs and how that incident should be handled.

4. Which incident classification type occurs when an employee violates an organization’s acceptable use policy?

  • Improper usage (CORRECT)
  • Containment
  • Unauthorized access
  • Malware infection

The improper usage incident classification type occurs when an employee violates the organization’s acceptable use policy.

MODULE 2 CHALLENGE

1. What security term describes the identification of a potential security event, triaging it, and handing it off to a more experienced team member?

  • SOC operations
  • Incident escalation (CORRECT)
  • Social engineering
  • Data security protection

2. Fill in the blank: _____ is a skill that will help you identify security incidents that need to be escalated.

  • Leadership
  • Graphics design
  • Attention to detail (CORRECT)
  • Linux operations

3. What elements of security do terms like unauthorized access, malware infections, and improper usage describe?

  • Public press releases
  • Company job descriptions
  • Phishing attempts
  • Incident classification types (CORRECT)

4. Which incident type involves an employee violating an organization’s acceptable use policy?

  • Phishing
  • Unauthorized access
  • Malware infection
  • Improper usage (CORRECT)

5. Which of the following security incidents can have the most damaging impact to an organization?

  • An employee forgets their password and logs too many failed login attempts
  • A system containing customer PII is compromised (CORRECT)
  • The guest Wi-Fi network for a company is hacked
  • A company’s social media account is compromised

6. What is the best way to determine the urgency of a security incident?

  • Email the Chief Information Security Officer (CISO) of the company for clarification.
  • Identify the importance of the assets affected by the security incident. (CORRECT)
  • Reach out to the organization’s Red Team supervisor to determine urgency.
  • Contact the risk assessment team to determine urgency.

7. What security term is defined as a set of actions that outlines who should be notified when an incident alert occurs?

  • A vulnerability scan system
  • A security risk assessor
  • A network architecture alert
  • An escalation policy (CORRECT)

8. Why is it important for analysts to follow a company’s escalation policy? Select two answers.

  • An escalation policy can help analysts prioritize which security events need to be escalated with more or less urgency. (CORRECT)
  • An escalation policy can help analysts determine the best way to cross-collaborate with other members of their organization.
  • An escalation policy instructs analysts on the right person to contact during an incident. (CORRECT)
  • An escalation policy can help analysts determine which tools to use to solve an issue.

9. A new security analyst has just been hired to an organization and is advised to read through the company’s escalation policy. What kind of information will the analyst be educated on when reading through this policy?

  • They will learn when and how to escalate security incidents. (CORRECT)
  • They will learn the best way to create visual dashboards to communicate with executives.
  • They will learn how to use the Linux operating system.
  • They will learn the best way to communicate with stakeholders.

10. Which skills will help you identify security incidents that need to be escalated? Select two answers.

  • Excellent communication skills
  • Ability to follow an organization’s escalation guidelines or processes (CORRECT)
  • Ability to collaborate well with others
  • Attention to detail (CORRECT)

11. As a security analyst, you might be asked to escalate various incidents. Which of the following are common incident classification types? Select two answers.

  • Gift card scam
  • Unauthorized access (CORRECT)
  • SPAM
  • Malware infection (CORRECT)

12. An employee attempting to access software on their work device for personal use can be an example of what security incident type?

  • Unauthorized access
  • Improper usage (CORRECT)
  • Social engineering
  • Malware infection

13. A security analyst for an organization notices unusual log activity in an app that was recently banned from the organization. However, the analyst forgets to escalate this activity to the proper personnel. What potential impact can this small incident have on the organization?

  • The third-party assessment team might be removed by the organization.
  • Small incidents rarely have any impact on an organization.
  • The organization might need to delete its social media profile.
  • It can become a bigger threat. (CORRECT)

14. How can an escalation policy help security analysts do their jobs?

  • An escalation policy educates analysts on how to be aware of phishing attempts.
  • An escalation policy outlines who should be notified when an incident occurs. (CORRECT)
  • An escalation policy instructs the analysts on how to scan for vulnerabilities.
  • An escalation policy outlines when to alert the public of a data breach.

15. You have recently been hired as a security analyst for an organization. You previously worked at another company doing security, and you were very familiar with their escalation policy. Why would it be important for you to learn your new company’s escalation policy?

  • Every company has a different escalation policy, and it is an analyst’s job to ensure incidents are handled correctly. (CORRECT)
  • The escalation policy will help you with vulnerability scanning.
  • The policy will help you analyze data logs.
  • The policy will advise you on who to report to each day.

16. Fill in the blank: A/An _____ will help an entry-level analyst to know when and how to escalate a security incident.

  • escalation policy (CORRECT)
  • blue team CIRT guideline
  • executive security dashboard
  • employee security handbook

17. Which of the following security incidents is likely to have the most negative impact on an organization?

  • An employee having a phone conversation about a work project in the breakroom
  • Unauthorized access to a manufacturing application (CORRECT)
  • An employee sends an email to the wrong colleague
  • An employee’s account flagged for multiple login attempts

18. Fill in the blank: Entry-level analysts might need to escalate various incident types, including _____.

  • mismanagement of funds
  • missing software
  • noncompliance of tax laws
  • improper usage (CORRECT)

19. You are alerted that a hacker has gained unauthorized access to one of your organization’s manufacturing applications. At the same time, an employee’s account has been flagged for multiple failed login attempts. Which incident should be escalated first?

  • The best thing to do is escalate the incident that your supervisor advised you to escalate first.
  • The incident involving the malicious actor who has gained unauthorized access to the manufacturing application should be escalated first. (CORRECT)
  • The incident involving the employee who is unable to log in to their account should be escalated first.
  • Both security incidents should be escalated at the same time.

20. What is a potential negative consequence of not properly escalating a small security incident? Select two answers.

  • The company can suffer a financial loss. (CORRECT)
  • The company can suffer a loss in reputation. (CORRECT)
  • The company’s antivirus software can be uninstalled.
  • The company’s employee retention percentage can decrease drastically.

21. Unauthorized access to a system with PII is _____ critical than an employee’s account being flagged for multiple failed login attempts.

  • less
  • equally
  • marginally
  • more (CORRECT)

22. Fill in the blank: Incident escalation is the process of _____.

  • properly assessing security events
  • reporting a security incident to a human resource department for compliance purposes
  • identifying a potential security incident, triaging it, and handing it off to a more experienced team member (CORRECT)
  • creating a visual dashboard that shows security stakeholders the amount of security incidents taking place

23. Fill in the blank: Security incidents involving the PII of customers should be escalated with a _____ level of urgency compared to incidents that do not involve customer PII.

  • moderate
  • minimal
  • lower
  • higher (CORRECT)

24. Fill in the blank: _____ is important when following a company’s escalation policy to ensure you follow the policy correctly.

  • Working remotely
  • Delegating tasks
  • Attention to detail (CORRECT)
  • Reading quickly

25. Which of the following is an essential part of incident escalation?

  • Communicate a potential security incident to a more experienced team member (CORRECT)
  • Make reactive decisions
  • Maintain data logs that detail previous security events
  • Create a visual dashboard that details a solution to the security problem

26. Fill in the blank: An escalation policy is a set of actions that outlines _____.

  • how to manage the security stakeholders of an organization
  • how to escalate customer service complaints
  • how to handle a security incident alert (CORRECT)
  • how to defend an organization’s data and assets

CONCLUSION – Escalate Incidents

In conclusion, this module explores incident prioritization and escalation and gives participants a clear understanding of the role each plays in cybersecurity. With this knowledge, learners are prepared for the practical challenges of incident management.

The insights gained into decision-making, severity assessment, and escalation procedures help develop well-rounded cybersecurity professionals. Participants finish this module able to uphold an organization's security posture, respond effectively to a range of cybersecurity incidents, and help keep business operations resilient.