Inthesimplesttermsordenion,aprecursorisasignthatanincidentmayoccurinthefuture
andanindicatorisasignthatanincidentmayhaveoccurredormaybeoccurringnow.Oneexample
ofaprecursorcouldbe,athreatfromagroupstangthatthegroupwillaacktheorganizaon.
Oneexampleofaindicatorswouldbeyouranvirusso!warealertswhenitdetectsthatahostis
infectedwithmalware.Thechallengewithbothdetecontypesisitsaccuracyhowever,some
incidentsareeasytodetect,suchasanobviouslydefacedwebpage.However,manyincidentsare
notassociatedwithsuchclearsymptoms.Smallsignssuchasonechangeinonesystem
conguraonlemaybetheonlyindicatorsthatanincidenthasoccurred.
Althoughtechnicalsoluonsexistthatcanmakedeteconeasier,thebestremedyistobuildateam
ofhighlyexperiencedandprocientsta&memberswhocananalysetheprecursorsandindicators
e&ecvelyande'cientlyandtakeappropriateacons.Withoutawell-trainedandcapablesta&,
incidentdeteconandanalysiswillbeconductedine'ciently,andcostlymistakeswillbemade.
Source
Cichonski, Millar, Grance, Scarfone – NIST Computer Security Incident Handling Guide (Recommendation of the NIST) https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Retrieved on 3/7/2022.