What page does the Executive Summary start on?
What is Page 1
Who hosts the Cybersecurity Incident Response Team (CSIRT) processes?
Who is the Chief Information Security Officer, CISO
Performs incident handling activities, including incident investigation, incident analysis, runbook execution, mitigation requirements determination, remediation oversight, incident monitoring, and accurate documentation of all incident response activities.
Who is the Incident Response Analysts (IR Handler)
Any observable occurrence in a system or network; these may originate on an individual system, network, security device, or other device.
What is an Event
If the analysis determines that the alert qualifies as an event, a ticket is opened in the what?
What is the CSOC Ticketing System
SCE established and maintains a what strategy.
What are the two types of Cybersecurity & Intelligence Goals?
What is Proactive and Responsive goals
Provides administrative support to IR Handler and CSIRT Team Leads during incident response, including organization and facilitation of stakeholder coordination calls, activation of CSIRT members, distribution of written notifications to stakeholders, and tracking of tasks throughout the response.
Who is the Cybersecurity Incident Response Team Coordinator
A suspected or detected compromise or imminent threat of compromise to the confidentiality, availability, or integrity of SCE’s IT systems or non-publicly available data that it maintains.
What is an Incident
For significant events that could likely escalate to an incident, a what is required.
What is a Pre-Incident Notification
SCE has aligned the Cybersecurity Incident Response Plan with what three capabilities?
What is Governance, Organization, and Operations
All cyber incident declarations and investigations within the SCE computing environment are the sole responsibility of what organization?
What is CSOC
Provides necessary changes to cybersecurity tools and may aid in providing additional research, data, or assistance during the incident life cycle.
Who is the Cybersecurity Engineers
How many different SCRAL levels are there?
What is 5; Low, Guarded, Elevated, Substantial, Severe
The process for distributing written notifications to internal stakeholders can be found in what?
What is Appendix I – CSIRT Written Notification Process
The company’s transmission and distribution grid is a key element of the United States’ critical infrastructure as defined by what?
What is Presidential Policy Directive (PPD) 21
The CSIRP will be tested BLANK at a minimum?
What is Annually
Coordinates all incident-handling activities. The activities include, but are not limited to, incident validation, resource coordination, the primary contact for internal and external communications regarding incidents, impact assessment, documentation verification, and incident closure.
Who is the Cybersecurity Incident Response Team Lead
How many impacted devices/systems correspond to a Moderate Impact for the Incident Scope?
What is 6 to 10?
These what are designed to include a small, targeted number of stakeholders who will help evaluate the situation and provide feedback on actions taken and next steps.
What are Coordination Calls
Management of cybersecurity events and incidents (as defined in Section what)?
What is 4
Regulatory evidentiary requirements of test incidents and exercises are maintained by who?
Who is Business Resiliency
Provides resource allocation, briefs executive leadership or the Incident Support Team through their roles in the IT IMT organization, assesses business impact, and makes decisions regarding incident handling.
Who is the Cybersecurity Management
What are the 4 stages of the Cybersecurity Event and Incident Management Process Flow?
What is
1. Detection
2. Analysis
3. Containment, Eradication, Recovery
4. Post-Incident Activity
In Post-Incident Activity, the CSOC team, along with input from supporting technical and external resources will complete a BLANK and BLANK reports.
What is After-Action and Lessons Learned reports