What information is unnecessary for determining the appropriate containment strategy according to NIST SP800-61 r2?
A. attack vector used to compromise the system
B. effectiveness of the strategy
C. time and resources needed to implement the strategy
D. need for evidence preservation
Remember: "unnecessary", not "necessary"!
NIST SP800-61 r2 lists these criteria for determining the appropriate containment strategy:
Potential damage to and theft of resources
Need for evidence preservation
Service availability (e.g., network connectivity, services provided to external parties)
Time and resources needed to implement the strategy
Effectiveness of the strategy (e.g., partial containment, full containment)
Duration of the solution (e.g., emergency workaround to be removed in four hours, temporary workaround to be removed in two weeks, permanent solution).
Answer: A. attack vector used to compromise the system
It is not in NIST's official list.