1
Chapter 18: Incident Handling
1. Why is an incident-handling policy needed?
2. What are some different kinds of incidents?
3. What are the phases of incident handling?
4. What are the phases in preparing for incident handling?
5. What are the steps in identifying incidents?
6. Why are secure communication channels important?
7. What are the steps to remove a bug?
8. What are the steps to recover from an incident?
3
9. What is the point of a postmortem investigation after the incident is fixed?
10. What are the basic steps to respond to an incident?
Indicate whether the sentence or statement is true or false.
11. ______ The first person to call in the event of an apparent incident is the CEO of the company.
12. ______ Your incident-handling policy will contain the proper procedures for all eventualities.
13. ______ If you discover an anomaly in the network logs, the first thing to do is to stay calm.
14. ______ Most hackers leave some clues. It is up to you to keep the scene clean so the forensics
specialists have a chance to discover them.
Arrange the steps involved in tracking hackers in their correct order.
a.
Identify any links that transmitted similar data
d.
Define geographical sectors
b.
Divide timelines
e.
Analyze log files for signatures regarding the
hacker
c.
Analyze the attacker’s possible motivation
based on the results of the hack
f.
Pinpoint the location of the hacker
4
15. Step one ____________
16. Step two ____________
17. Step three ____________
18. Step four _____________
19. Step five _____________
20. Step six ______________