You have recently installed an enterprise-level SOAR solution for incident response. The response team is determining the processes that need to be manually followed when an incident occurs.

Homework Help: Questions and Answers: You have recently installed an enterprise-level SOAR solution for incident response. The response team is determining the processes that need to be manually followed when an incident occurs. Which of the following documentation is the team developing?

A) Playbook
B) Orange book
C) Runbook
D) Blue book


Answer:

First, let’s understand what SOAR is:

SOAR (Security Orchestration, Automation, and Response): This refers to the tools and technologies that allow organizations to collect security data, respond to incidents, and automate the response process.

Incident Response: This involves identifying, managing, and resolving security incidents. When an incident occurs, a clear process or set of actions must be followed to ensure timely and efficient handling.

Given Options: Step-by-Step Analysis

a) Playbook

  • A Playbook contains predefined procedures and workflows for handling different types of security incidents. It outlines the steps that need to be taken in response to specific incidents and is commonly used in incident response planning.

b) Orange book

  • This refers to the “Trusted Computer System Evaluation Criteria” (TCSEC), which is a security classification system used in the U.S. It’s not related to incident response processes.

c) Runbook

  • A Runbook is a set of detailed instructions for routine tasks or operations, often used in IT systems management. It focuses on repetitive tasks rather than incident-specific response.

d) Blue book

  • This term generally refers to a pricing guide or valuation system, such as the Kelley Blue Book for vehicles, and is not related to incident response.

Final Answer:

Based on the above analysis, the correct answer is:

A) Playbook

Playbooks are used to guide the response team on how to react to various types of incidents in a structured way.
