What are three actions taken in the Detection & Analysis phase of the NIST Incident Response Life Cycle? (Choose three.)
- The CSIRT performs an initial analysis to determine the incident’s scope, such as which networks, systems, or applications are affected, who or what originated the incident, and how the incident is occurring.
- The effectiveness of the incident handling process is reviewed and any necessary hardening for existing security controls and practices is identified.
- The type of incident and the extent of the effects are determined.
- The incident is contained and subsequent actions are determined.
- The appropriate stakeholders and outside parties are notified so that all who need to be involved can play their role.
- The CSIRT is created and trained.
Explanation & Hint:
The Detection & Analysis phase of the Incident Response Life Cycle includes actions such as determining which networks, systems, or applications are affected, who or what originated the incident, and how the incident is occurring. It also includes notifying the appropriate stakeholders and outside parties so that all who need to be involved can play their role, determining the type of incident, and measuring the characteristics of expected activity in networking devices and systems so that changes to it can be more easily identified.