1. "Containment and IR Strategies" Please respond to the following:
• Explain why it is important for a business to have a specific plan of action, processes, and / or a set of guidelines to manage potential security incidents that may arise.
Support your answer with a real-life example. Be sure to clearly identify the business as well as the potential security incident in your example.
• Discuss the role of incident containment in an incident response strategy and how a lack of planning for containment is a potential pitfall for any response strategy.
2. "SIEM and Incident Response" Please respond to the following:
• From the e-Activity, explain in your own words the purpose of security information and event management (SIEM) solutions and how this category of tools can assist an incident response team. Also determine whether or not you believe the "golden hour" is a realistic and attainable response goal. Justify your answer.
• Compare and contrast two SIEM tools of your choice based on their common uses and market reputation. Determine which of these tools you would prefer to use as part of an incident response strategy and explain why.