CERT-CSIH Domain #4: Respond

Introduction

“Respond” is the name of the fourth domain of the CERT-CSIH certification exam. This domain accounts for 40% of the exam, by far the largest share of any domain. The Respond phase begins as soon as the Triage and Analysis phase, the third domain of the CERT-CSIH exam, is completed. A Computer Security Incident Response Team (CSIRT) plays a pivotal role during the Respond phase.

The purpose of this domain is to help candidates learn how to respond to cybersecurity incidents. Cybersecurity incidents and threats such as Advanced Persistent Threats (APTs) have become commonplace. Former U.S. President Barack Obama once declared that cybersecurity threats are “one of the most serious economic and national security challenges we face as a nation … Protecting America’s digital infrastructure is going to remain a top national security priority.”

The following sections describe the fourth CERT-CSIH domain. You need to grasp these topics in order to take and pass the exam with a high score.

What Topics Are Covered in This Domain?

This domain covers the following topics:

  1. Develop an incident response strategy and plan to limit incident effects and to repair incident damage
  2. Perform real-time incident response tasks (e.g., direct system remediation) to support deployable incident response teams
  3. Determine the risk of continuing operations
  4. Change passwords
  5. Improve defenses
  6. Remove the cause of the incident
  7. Validate the system
  8. Identify relevant stakeholders that need to be contacted or that may have a vested interest or vital role in communications about an organizational incident
  9. Identify the appropriate communications protocols and channels (media and message) for each type of stakeholder
  10. Coordinate, integrate and lead team responses with other internal groups (e.g., IT, management, compliance, legal, (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Fakhar Imam. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/_MFfyTr4ekw/