Determining the Impact of Incidents
This chapter includes questions on the following topics:
• Criteria for classifying threats to the network
• How to determine the severity level of an incident
• Best practices for prioritizing security incident response
• The most common types of sensitive and protected data
Incident response is very rarely, if ever, a straightforward activity. Like any other job where you are “putting out fires,” incident response involves constantly measuring severity and then acting accordingly. That is to say, you fight the fire you determine needs your attention first—you act based on priority.
Prioritizing an incident is a product of several factors, such as the scope of impact (including ...