{"id":901,"date":"2019-09-23T21:00:03","date_gmt":"2019-09-24T02:00:03","guid":{"rendered":"https:\/\/packitforwarding.com\/?p=901"},"modified":"2020-02-25T09:32:28","modified_gmt":"2020-02-25T15:32:28","slug":"ccna-cyberops-secops-objective-5-2","status":"publish","type":"post","link":"https:\/\/packitforwarding.com\/index.php\/2019\/09\/23\/ccna-cyberops-secops-objective-5-2\/","title":{"rendered":"CCNA CyberOps SECOPS &#8211; Objective 5.2"},"content":{"rendered":"\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Apply the NIST.SP800-61 r2 incident handling process to an event <\/p><cite><strong>Implementing Cisco Cybersecurity Operations (210-255) <\/strong> <\/cite><\/blockquote>\n\n\n\n<p>The NIST.SP800-61 r2 incident handling process document contains several example scenarios. These are all contained in Appendix A of the document. Below are some of the suggested questions for each phase from section A-1 of the document.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><strong> Preparation: <\/strong><\/p><p>Would the organization consider this activity to be an incident? If so, which of the organization\u2019s policies does this activity violate? (Section 2.1) <br><br>What measures are in place to attempt to prevent this type of incident from occurring or to limit its impact? (Section 3.1.2) <br> <br><strong>Detection and Analysis:<\/strong> <br><br>What precursors of the incident, if any, might the organization detect? Would any precursors cause the organization to take action before the incident occurred? (Sections 3.2.2, 3.2.3) <br><br>What indicators of the incident might the organization detect? Which indicators would cause someone to think that an incident might have occurred? (Sections 3.2.2, 3.2.3) <br><br>What additional tools might be needed to detect this particular incident? 
(Section 3.2.3) <br><br>How would the incident response team analyze and validate this incident? What personnel would be involved in the analysis and validation process? (Section 3.2.4) <br><br>To which people and groups within the organization would the team report the incident? (Section 3.2.7) <br><br>How would the team prioritize the handling of this incident? (Section 3.2.6) <br><br><strong>Containment, Eradication, and Recovery: <\/strong><br><br>What strategy should the organization take to contain the incident? Why is this strategy preferable to others? (Section 3.3.1) <br><br>What could happen if the incident were not contained? (Section 3.3.1) <br><br>What additional tools might be needed to respond to this particular incident? (Sections 3.3.1, 3.3.4) <br><br>Which personnel would be involved in the containment, eradication, and\/or recovery processes? (Sections 3.3.1, 3.3.4)<br><br>What sources of evidence, if any, should the organization acquire? How would the evidence be acquired? Where would it be stored? How long should it be retained? (Sections 3.2.5, 3.3.2, 3.4.3) <br><br><strong>Post-Incident Activity: <\/strong><br><br>Who would attend the lessons learned meeting regarding this incident? (Section 3.4.1) <br><br>What could be done to prevent similar incidents from occurring in the future? (Section 3.1.2) <br><br>What could be done to improve detection of similar incidents? (Section 3.1.2) <br> <br><strong>General Questions: <\/strong><br><br>How many incident response team members would participate in handling this incident? (Section 2.4.3) <br><br>Besides the incident response team, what groups within the organization would be involved in handling this incident? (Section 2.4.4) <br><br>To which external parties would the team report the incident? When would each report occur? How would each report be made? What information would you report or not report, and why? (Section 2.3.2) <br><br>What other communications with external parties may occur? 
(Section 2.3.2) <br><br>What tools and resources would the team use in handling this incident? (Section 3.1.1) <br><br>What aspects of the handling would have been different if the incident had occurred at a different day and time (on-hours versus off-hours)? (Section 2.4.2) <br><br>What aspects of the handling would have been different if the incident had occurred at a different physical location (onsite versus offsite)? (Section 2.4.2) <\/p><cite>NIST.SP800-61 r2 Appendix A Section 1<\/cite><\/blockquote>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apply the NIST.SP800-61 r2 incident handling process to an event Implementing Cisco Cybersecurity Operations (210-255) The NIST.SP800-61 r2 incident handling process document contains several example scenarios. These are all contained in Appendix A of the document. Below are some of the suggested questions for each phase from section A-1 of the document. Preparation: Would the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":931,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"CCNA CyberOps SECOPS - Objective 5.2 #ccnacyberops #ciscocert 
#ciscochampions","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[88,105,31,24],"tags":[107,90,106,149],"class_list":["post-901","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-ccna-cyberops","category-certification","category-cisco","tag-ccna-cyberops","tag-certification","tag-cisco","tag-cisco-certified-cyber-ops-associate"],"yoast_head_json":{"title":"CCNA CyberOps SECOPS - Objective 5.2 -","author":"Ben Story","article_published_time":"2019-09-24T02:00:03+00:00","article_modified_time":"2020-02-25T15:32:28+00:00"}}