COURSE 7 – CYBERSECURITY CAPSTONE: BREACH RESPONSE CASE STUDIES
Module 1: Incident Management Response and Cyberattack Frameworks
IBM CYBERSECURITY ANALYST PROFESSIONAL CERTIFICATE
Complete Coursera Study Guide
INTRODUCTION – Incident Management Response and Cyberattack Frameworks
Welcome to the module dedicated to Incident Management Response and the intricate exploration of cyberattack frameworks. Throughout this module, you will delve into the critical processes of Incident Management Response, honing your skills in effectively addressing and mitigating cyber threats.
Additionally, you will immerse yourself in the analysis of a specific cyberattack framework, gaining invaluable insights into its structure, methodologies, and implications within the realm of cybersecurity. Prepare to deepen your understanding and enhance your capabilities in safeguarding against digital adversaries.
Learning Objectives
- Explain how watering hole attacks work
- List measures that could have prevented the Target Corporation data breach
- Describe the cost of the Target Corporation data breach
- Identify vulnerabilities exploited in the Target Corporation data breach
- Summarize the timeline of the Target Corporation data breach
- Describe data breaches, including their common characteristics
- Identify tips for preventing cyberattacks
- Describe each phase of a cyberattack detailed in the IBM X-Force IRIS cyberattack framework
- Configure automatic processing of inbound email using the IBM Resilient platform
- Identify the essential requirements of each phase of the incident response lifecycle
- Describe critical considerations for assembling an incident response team
- Discuss the actions recommended by the National Institute of Standards and Technology (NIST) for establishing an incident response capability
INCIDENT MANAGEMENT KNOWLEDGE CHECK
1. In creating an incident response capability in your organization, NIST recommends taking 6 actions. Which three (3) actions are included on that list? (Select 3)
- Establish a formal incident response capability (CORRECT)
- ‘Create an incident response policy (CORRECT)
- ‘Hold incident response drills on a regular basis
- ‘Develop an incident response plan based on the incident response policy (CORRECT)
Partially correct!
2. Which incident response team model would best fit the needs of a small company that runs its business out of a single office building or campus?
- Hybrid incident response team
- Distributed incident response team
- Coordinating incident response team
- Central incident response team (CORRECT)
3. True or False. An incident response team needs a blend of members with strong technical and strong soft skills?
- True (CORRECT)
- False
4. Assuring systems, networks, and applications are sufficiently secure to resist an attack is part of which phase of the incident response lifecycle?
- Detection & Analysis
- Post-Incident Activity
- Preparation (CORRECT)
- Containment, Eradication & Recovery
CYBERATTACK FRAMEWORKS KNOWLEDGE CHECK
1. According to the IRIS Framework, during which stage of an attack would the attacker conduct external reconnaissance, alight tactics, techniques and procedures to target and prepare his attack infrastructure?
- Continue the attack, expand network access
- Continuous phases occur
- Attack beginnings (CORRECT)
- Attack objective execution
- Launch and execute the attack
2. According to the IRIS Framework, during which stage of an attack would the attacker escalate evasion tactics to evade detection?
- Attack beginnings
- Launch and execute the attack
- Continuous phases occur (CORRECT)
- Continue the attack, expand network access
- Attack objective execution
3. According to the IRIS framework, during the third phase of an attack when the attackers are attempting to escalate privileges, what should the IR team be doing as a countermeasure?
- Build a threat profile of adversarial actors who are likely to target the company
- Analyze all network traffic and endpoints, searching for anomalous behavior
- Thoroughly examine available forensics to understand attack details, establish mitigation priorities, provide data to law enforcement, and plan risk reduction strategies (CORRECT)
- Enforce strong user password policies by enabling multi-factor authentication and restricting the ability to use the same password across systems
- Implement strong endpoint detection and mitigation strategies
4. According to the IRIS framework, during the fifth phase of an attack, the attackers will attempt execute their final objective. What should the IR team be doing as a countermeasure?
- Enforce strong user password policies by enabling multi-factor authentication and restricting the ability to use the same password across systems
- Thoroughly examine available forensics to understand attack details, establish mitigation priorities, provide data to law enforcement, and plan risk reduction strategies (CORRECT)
- Implement strong endpoint detection and mitigation strategies
- Analyze all network traffic and endpoints, searching for anomalous behavior
- Build a threat profile of adversarial actors who are likely to target the company
5. True or False. A data breach only has to be reported to law enforcement if external customer data was compromised?
- True
- False (CORRECT)
INCIDENT MANAGEMENT RESPONSE AND CYBERATTACK FRAMEWORKS GRADED ASSESSMENT
1. In creating an incident response capability in your organization, NIST recommends taking 6 actions. Which three (3) actions that are a included on that list? (Select 3)
- Establish policies and procedures regarding incident-related information sharing (CORRECT)
- Secure executive sponsorship for the incident response plan
- Considering the relevant factors when selecting an incident response team model (CORRECT)
- Develop incident response procedures (CORRECT)
Partially correct!
2. Which incident response team model would best fit the needs of a the field offices of a large distributed organizations?
- Hybrid incident response team
- Coordinating incident response team
- Central incident response team
- Distributed incident response team (CORRECT)
3. Which incident response team staffing model would be appropriate for a small retail store that has just launched an online selling platform and finds it is now under attack? The platform was put together by its very small IT department who has no experience in managing incident response.
- Migrate all online operations to a cloud service provider so you will not have to worry about further attacks
- Outsource the monitoring of intrusion detection systems and firewalls to an offsite managed security service provider while leaving the response to detected incidents to current IT staff
- Use internal IT staff only, forcing them to come up to speed as quickly as possible
- Completely outsource the incident response work to an onsite contractor with expertise in monitoring and responding to incidents (CORRECT)
4. Which three (3) technical skills are important to have in an organization’s incident response team? (Select 3)
- Programming (CORRECT)
- Network administration (CORRECT)
- System administration (CORRECT)
- Encryption
Partially correct!
5. Identifying incident precursors and indicators is part of which phase of the incident response lifecycle?
- Detection & Analysis (CORRECT)
- Preparation
- Containment, Eradication & Recovery
- Post-Incident Activity
6. Automatically isolating a system from the network when malware is detected on that system is part of which phase of the incident response lifecycle?
- Containment, Eradication & Recovery (CORRECT)
- Post-Incident Activity
- Detection & Analysis
- Preparation
7. According to the IRIS Framework, during which stage of an attack would the attacker send phishing email, steal credentials and establish a foothold in the target network?
- Continue the attack, expand network access
- Attack beginnings
- Continuous phases occur
- Attack objective execution
- Launch and execute the attack (CORRECT)
8. According to the IRIS Framework, during which stage of an attack would the attacker execute their final objectives?
- Attack beginnings
- Launch and execute the attack
- Continue the attack, expand network access
- Continuous phases occur
- Attack objective execution (CORRECT)
9. According to the IRIS framework, during the first stage of an attack, when the bad actors are conducting external reconnaissance and aligning their tactics, techniques and procedures, what should the IR team be doing as a countermeasure?
- Implement strong endpoint detection and mitigation strategies
- Thoroughly examine available forensics to understand attack details, establish mitigation priorities, provide data to law enforcement, and plan risk reduction strategies
- Build a threat profile of adversarial actors who are likely to target the company (CORRECT)
- Enforce strong user password policies by enabling multi-factor authentication and restricting the ability to use the same password across systems
- Analyze all network traffic and endpoints, searching for anomalous behavior
10. According to the IRIS framework, during the fourth phase of an attack, the attackers will attempt to evade detection. What should the IR team be doing as a countermeasure?
- Thoroughly examine available forensics to understand attack details, establish mitigation priorities, provide data to law enforcement, and plan risk reduction strategies
- Implement strong endpoint detection and mitigation strategies
- Enforce strong user password policies by enabling multi-factor authentication and restricting the ability to use the same password across systems
- Build a threat profile of adversarial actors who are likely to target the company
- Analyze all network traffic and endpoints, searching for anomalous behavior (CORRECT)
11. True or False. A data breach always has to be reported to law enforcement agencies.
- True
- False (CORRECT)
CONCLUSION – Incident Management Response and Cyberattack Frameworks
In conclusion, this module has provided a comprehensive overview of Incident Management Response and delved into the intricacies of a cyberattack framework. By understanding the fundamentals of incident response and exploring specific frameworks, you are better equipped to identify, assess, and mitigate cyber threats effectively.
Armed with this knowledge, you are empowered to bolster cybersecurity defenses and safeguard against potential cyberattacks. As you continue your journey in the ever-evolving landscape of cybersecurity, may the insights gained from this module serve as a valuable foundation for your ongoing efforts to protect digital assets and mitigate risks.
Subscribe to our site
Get new content delivered directly to your inbox.
Quiztudy Top Courses
Popular in Coursera
- Google Advanced Data Analytics
- Google Cybersecurity Professional Certificate
- Meta Marketing Analytics Professional Certificate
- Google Digital Marketing & E-commerce Professional Certificate
- Google UX Design Professional Certificate
- Meta Social Media Marketing Professional Certificate
- Google Project Management Professional Certificate
- Meta Front-End Developer Professional Certificate
Liking our content? Then, don’t forget to ad us to your BOOKMARKS so you can find us easily!
