ISC CC - CC - Certified in Cybersecurity

Law enforcement is not typically part of an organization’s internal incident response team. Incident response teams usually consist of cybersecurity professionals, technical subject matter experts, IT staff, legal advisors, and management representatives.

Law enforcement may become involved after an incident, especially in cases involving criminal activity, regulatory requirements, or large-scale breaches. However, they are external stakeholders, not internal team members.

Management plays a key role in decision-making and communication, while technical and cybersecurity experts handle detection, containment, eradication, and recovery.

NIST incident response guidance emphasizes coordination with external entities but clearly distinguishes internal response teams from external authorities such as law enforcement.

SSH operates at the Application layer (Layer 7). IP, ICMP, and IGMP are Layer 3 protocols responsible for routing and control messaging.

Discretionary Access Control (DAC) allows the owner or creator of an object to decide who can access it and what permissions they receive. This delegation capability is a defining feature of DAC systems.

MAC enforces centrally controlled policies, RBAC assigns permissions through roles, and ABAC uses attributes evaluated by a policy engine. Only DAC explicitly allows object owners to grant or revoke access at their discretion.

Availability ensures that systems and data are accessible to authorized users when needed. A power outage that disrupts access to a data center directly impacts availability.

Confidentiality concerns unauthorized disclosure, integrity concerns unauthorized modification, and non-repudiation concerns accountability. None of these are directly affected by a power outage.

Availability risks are commonly addressed through redundancy, backup power supplies, generators, UPS systems, and disaster recovery planning.

Ensuring availability is a core objective of business continuity and disaster recovery programs.

A switch operates at Layer 2 and forwards traffic only to the destination port based on MAC address tables, unlike hubs which broadcast traffic.

An accurate asset inventory is foundational to security. Without knowing what assets exist, organizations cannot secure, monitor, or protect them effectively.

MAC enforces centrally managed access controls. Users and data owners cannot modify permissions.

Risk management is an ongoing process that identifies threats, evaluates risk, and applies controls to reduce risk to acceptable levels. It is foundational to cybersecurity governance.

Infrastructure as a Service (IaaS) provides security teams with the greatest access to forensic data because customers retain control over operating systems, logs, storage, and network configurations.

In SaaS and FaaS models, the provider controls most of the infrastructure, limiting visibility. PaaS provides partial access but still restricts OS-level forensics.

IaaS allows collection of disk images, memory dumps, system logs, and network traffic, which are essential for incident response and forensic investigations.

Security teams prefer IaaS for high-control environments where deep visibility is required.

When incidents escalate beyond containment and business continuity measures are insufficient, theDisaster Recovery Plan (DRP)is activated to restore IT systems and infrastructure.