Task : Analyze the incident response process.
Requirements:
An “event” is any observable occurrence in a computer, device, or network. Think of an event as being anything that you may see reported in a log file. Events can be good or bad. Any event that results in a violation of or poses an imminent threat to the security policy is called an “incident.” An incident can occur at any point from the desktop or mobile device level to the servers and infrastructure that make a network work.
- 1. Would the process of incident response change if a crime was intentionally committed versus an accidental event, such as an employee who clicks a phishing email link? That is, would the process of detecting, identifying, resolving, and documenting system or network intrusions change? Why or why not?
Fully address the question(s) in this task ; provide valid rationale for your choices, where applicable.