Domain 4 - Incident Response and Recovery

---

Goals

• Evaluate security incident handling procedure to protect and preserve organization assets and data
• Evaluate forensic investigations procedures to protect and preserve organization assets and data
• Evaluate business continuity (BCP) and disaster recovery (DRP) plans to protect and preserve organization assets and data

Incident Management

• Incident Response (IR)
  • CompTIA Incident Response Lifecycle
• NIST SP 800-88

Investigations and Forensics

• Cybersecurity Investigation Types
• Types of Evidence
• Admissibility of Evidence
  • Hearsay rule
• Order of Volatility
• Flow Data
• eDiscovery

Business Continuity Planning

• Business Continuity and Disaster Recovery (BC-DR)
• Continuity of Operations Plan (COOP)
  • Single Point of Failure Analysis
    • identifies and removes single points of failures
    • continues until the cost of addressing risk outweighs the benefits
  • Succession planning for personnel
  • specific BC roles should receive training at least on annual basis
• Business Impact Analysis (BIA)
• High Availability
• Load Balancers
• Redundant Array of Independent Disks (RAID)

Disaster Recovery

• Disaster Recovery Plan (DRP)
• Disaster Recovery Metrics
  • MTD, RTO, RPO
• Data Backups
• Backup Methods
• Disaster Recovery Sites
• Disaster Recovery Test Types

Emergency Response