When an IR plan has been activated and the CSIRT is actively responding to a threat, it must be able to identify the systems and network connections being used by the hacker. Although there is a strong urge to identify who the attacker is, this is rarely the best strategy. Why?

What will be an ideal response?


Although there is a strong urge to identify who the attacker is, it is almost always a better strategy to focus the team's energies on containment, eradication, and recovery efforts. The processes used to identify attacking networks and systems are time-consuming, and most attackers will have implemented countermeasures to prevent having their actual identities revealed. Time spent trying to identify the attacker can keep the CSIRT from attaining its primary objective, which is to minimize the impact of the emerging incident on the business.
