Q1. Describe 5 characteristics of a mature penetration testing program.
Q2. Describe 5 characteristics of a low maturity incident response program. Describe how you would improve each one to a higher maturity level.
For questions 1 and 2, the answers need to discuss the concepts below.
Q3. Describe three examples of how you could integrate cyber threat intelligence into your incident response program. Each one should include the benefit delivered to the program.
For question 3, the answer needs to discuss the concepts below.
Q4. Model a major cyber threat using the kill chain (e.g., APT 28). The model should include a description of the six possible courses of action for each step of the kill chain.
For question 4, use the kill chain concept to answer the question. Below is an example. A matrix is not needed, but the things described in the matrix need to be clearly discussed in the answer. The important point from the screenshot below is that, for each phase of the kill chain, the six courses of action (detect, deny, disrupt, degrade, deceive and destroy) and the scenario will differ from one phase to the next.
Q5. If you were given the role of lead for Incident Response for your enterprise, who would you have on your team and why? Describe each member's role and the unique skill(s) required for your team. What common skills and education would also be required? What characteristics could be used to best describe your team? For each team member, including yourself as the lead, identify their responsibilities during each phase of the incident response process.