This checklist is designed to enable incident response personnel to quickly assess and gather basic information about an incident. Although it does not contain specific instructions for how to respond to all incidents, it will assist the team in the detection and containment phases of the incident response process.
1. What is the nature of the emergency?
2. Did the attack result in a compromise of business data?
3. Did the intruder gain root, administrator, or system access?
4. When was the incident detected? Date: __________________________ Time: __________________________
5. How was the incident detected?
6. When did the incident occur? Date: __________________________ Time: __________________________
7. Is the incident ongoing?
8. What are the current symptoms?
9. What business areas are affected?
10. What systems are affected? Gather as much data as possible about the systems, including the operating system, platform, applications, IP address, associated or suspected user IDs, most recent changes applied, and so on.
11. Are the affected systems still connected to the network? Consider disconnecting the systems if possible.
12. Are backups of the affected systems available?
13. Are the affected systems still at risk of attack? Consider disconnecting the systems or securing the accounts if possible.
14. Will the systems potentially require forensic analysis? Consider shutting down and securing the system for forensic imaging.
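As an added worked example (not part of the original checklist or its authors' material), the Python below models the 14 items as a structured intake record, lists the items still unanswered, computes the gap between occurrence (item 6) and detection (item 4), and derives the containment steps that the "consider ..." notes on items 11, 13 and 14 suggest. The field names, the triage rules and the sample incident are my own assumptions.

```python
from dataclasses import dataclass, field, fields
from datetime import datetime
from typing import Optional

@dataclass
class IncidentIntake:                                   # one slot per checklist item
    nature: str = ""                                    # 1
    business_data_compromised: Optional[bool] = None    # 2
    privileged_access_gained: Optional[bool] = None     # 3 root/admin/system
    detected_at: Optional[datetime] = None              # 4
    detection_method: str = ""                          # 5
    occurred_at: Optional[datetime] = None              # 6
    ongoing: Optional[bool] = None                      # 7
    symptoms: str = ""                                  # 8
    business_areas: list = field(default_factory=list)  # 9
    systems: list = field(default_factory=list)         # 10
    still_connected: Optional[bool] = None              # 11
    backups_available: Optional[bool] = None            # 12
    still_at_risk: Optional[bool] = None                # 13
    forensics_likely: Optional[bool] = None             # 14

def open_items(i: IncidentIntake) -> list:
    """Item numbers still unanswered; an explicit False counts as answered."""
    return [n for n, f in enumerate(fields(i), 1) if getattr(i, f.name) in (None, "", [])]

def dwell_time_hours(i: IncidentIntake) -> Optional[float]:
    """Hours between occurrence (item 6) and detection (item 4), if both are known."""
    if i.occurred_at is None or i.detected_at is None:
        return None
    return (i.detected_at - i.occurred_at).total_seconds() / 3600

def containment_actions(i: IncidentIntake) -> list:
    """Containment steps implied by the checklist's 'consider ...' notes (assumed rules)."""
    actions = []
    if i.still_connected and (i.ongoing or i.still_at_risk):
        actions.append("disconnect affected systems from the network (items 11, 13)")
    if i.still_at_risk:
        actions.append("secure the associated accounts (item 13)")
    if i.forensics_likely:
        actions.append("shut down and secure systems for forensic imaging (item 14)")
    if i.privileged_access_gained:
        actions.append("escalate: root/administrator/system access gained (item 3)")
    return actions

# Constructed sample intake (not a real incident): detected 12 hours after it began.
SAMPLE = IncidentIntake(nature="web server defaced", privileged_access_gained=True,
                        detected_at=datetime(2024, 3, 5, 9, 30), occurred_at=datetime(2024, 3, 4, 21, 30),
                        detection_method="monitoring alert", ongoing=True, still_connected=True,
                        business_areas=["marketing"], systems=["web01"], forensics_likely=True)
```

Calling `open_items(SAMPLE)` returns the items the responder still has to ask about (2, 8, 12 and 13 for the sample), and `containment_actions(SAMPLE)` returns the disconnect, forensic-imaging and escalation steps.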