
CySA+ domain #8: Incident response process

Introduction

CompTIA has identified a need in the market for cybersecurity professionals who want to certify their knowledge and earn a cybersecurity analyst qualification. The CySA+ certification is a way for candidates to show employers that they are familiar with the concepts, theories and methods needed in a cybersecurity analyst role.

There are four exam objectives that you will need to master in order to pass. In this article we will be looking at the incident response process, which is covered under the third domain of the exam objectives, 3.0 Cyber Incident Response. We’ll look at the requirements for the test, as well as the basics you should know before taking on this certification. You can use this article as a starting point for your studies and to show you what to expect from the certification in general.

Common terms and concepts

If you already work in cybersecurity, you are probably no stranger to the basic terminology that comes with this line of work, but learning the formal definitions is still important if you want to certify your knowledge. Some examples of the terms you should know are:

  • IR: In this context, IR stands for incident response. It is the process of mitigating or remediating the effects and symptoms of a cybersecurity incident against an IT system.
  • NIST SP 800-61 revision 2: This is the NIST Special Publication that describes the entire incident response process.
  • Stakeholders: These are the department heads of your organization, such as HR, Legal, Marketing and management.
  • Role-based responsibilities: These define the responsibilities of each party that responds to an incident. Examples are technical, management and law enforcement roles.

Incident response process steps

There are six steps in the Incident Response Process. Each of these (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Graeme Messina. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Go7X1MREKPY/