IH - Step 1 - Module 7 Powerpoint Presentation.pptx

trevor501353 10 views 14 slides Mar 05, 2025

Slide Content

Incident Handler Certification
Dr. Kevin F. Streff, Founder and Managing Partner

Dr. Kevin Streff
American Security and Privacy, LLC
Founder & Managing Partner
www.americansecurityandprivacy.com
[email protected]
605.270.4427

Agenda
Module 1 - Incident Response Overview
Module 2 - Incident Response Laws and Regulations
Module 3 - The Fit of Incident Response in Information Security and Privacy Programs
Module 4 - Privacy Incidents
Module 5 - Security Incidents
Module 6 - Incident Response Program Overview
Module 7 - Step 1: Preparation
Module 8 - Step 2: Detection and Analysis
Module 9 - Step 3: Contain, Eradicate, and Recover
Module 10 - Step 4: Post Incident Activity
Module 11 - Incident Response Testing
Module 12 - Third Party Incident Response Requirements
Module 13 - Incident Response Auditing
Module 14 - Incident Response Metrics

Module 7: Incident Response Programs – Step 1, Preparation

Previous Learnings
- Both security and privacy incidents need to be reflected in your incident response and business continuity plans
- Risk-based approach
- Identify the potential issues prior to them occurring

NIST SP 800-61
National Institute of Standards and Technology, Computer Security Incident Handling Guide, NIST Special Publication SP 800-61

Preparation
- Policy: define the principles, rules and practices that guide security processes. Ensure the policy is highly visible to both employees and users, for example by displaying a login banner that states all activities will be monitored, and by clearly stating which activities are unauthorized and the associated penalties.
- Inventory Incidents: outline the security and privacy incidents of concern.
- Incident Classification: outline incident levels and classify each incident into a level.
- Build Identification Mechanisms: logging, monitoring, help desk, notifications, IPS/IDS, business partners, etc.
- Response Plan/Strategy: create a plan for incident handling, with prioritization of incidents based on organizational impact. For example, organizational impact is higher the more employees are affected within the organization, the more an event is likely to impact revenues, or the more sensitive the data involved is, such as salaries, financial data or private customer data.
- Ensure Logging Capabilities: log events when they occur so that the logs can be used as evidence during or after an incident.

Preparation (continued)
- Communication: create a communication plan that states which IRT members should be contacted during an incident, for what reasons, and when they can be contacted. The communication plan should state the policy for contacting law enforcement, and who should make contact.
- Documentation: develop an Incident Form. Documentation is not optional and can be a life saver. If the incident is considered a criminal act, your documentation will be used to press charges against suspects. Any information you collect about the incident can also be used for lessons learned and to improve your incident response process. Documentation should answer the questions: Who, What, When, Where, Why, and How?
- Team: build an IRT with all relevant skills, not just security. Include individuals with expertise in security but also in IT operations, legal, human resources, and public relations, all of whom can be instrumental in dealing with and mitigating an attack.
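The classification and prioritization criteria from the Preparation slides above (employees affected, revenue impact, data sensitivity), together with the Who/What/When/Where/Why/How documentation rule, turned into a small triage routine. This is an added Python example, not code from the deck or its author; the level names, the score thresholds, the data-category weights and the sample incident are all assumptions.

```python
from dataclasses import dataclass, field

# Incident levels, lowest to highest. Names and the cut-offs in classify()
# are assumptions; the deck only says to outline levels.
LEVELS = ("Low", "Medium", "High", "Critical")
# Data categories the deck names as sensitive, with assumed weights.
SENSITIVE_DATA = {"salaries": 2, "financial": 2, "private customer data": 3}
# The six questions the deck says incident documentation must answer.
REQUIRED_FIELDS = ("who", "what", "when", "where", "why", "how")

@dataclass
class Incident:
    employees_affected: int
    revenue_impact: bool            # is the event likely to hit revenues?
    data_types: list = field(default_factory=list)
    form: dict = field(default_factory=dict)  # answers keyed by REQUIRED_FIELDS

def impact_score(inc: Incident) -> int:
    """Organizational impact per the deck's three criteria: employees affected,
    likely revenue impact, and sensitivity of the data involved."""
    score = 0
    if inc.employees_affected >= 100:   # assumed thresholds
        score += 2
    elif inc.employees_affected >= 10:
        score += 1
    if inc.revenue_impact:
        score += 2
    # Count only the most sensitive category, so one record of customer data
    # is not outranked by several low-sensitivity categories.
    score += max((SENSITIVE_DATA.get(d.lower(), 0) for d in inc.data_types), default=0)
    return score

def classify(inc: Incident) -> str:
    """Map the score to a level: 0-1 Low, 2-3 Medium, 4-5 High, 6+ Critical."""
    return LEVELS[min(impact_score(inc) // 2, len(LEVELS) - 1)]

def missing_fields(inc: Incident) -> list:
    """Which of Who/What/When/Where/Why/How the incident form leaves blank."""
    return [f for f in REQUIRED_FIELDS if not str(inc.form.get(f, "")).strip()]

# Constructed sample: a phished mailbox exposing customer records, form half done.
SAMPLE = Incident(3, True, ["Private customer data"],
                  {"who": "Finance clerk", "what": "Phished credentials",
                   "when": "2025-03-01 09:12", "where": "Finance mailbox"})

if __name__ == "__main__":
    print(classify(SAMPLE), missing_fields(SAMPLE))   # High ['why', 'how']
```

The blank "why" and "how" answers are exactly the gaps a handler fills in during analysis; the level is what the response plan's prioritization consumes.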

Preparation (continued)
- Access control: make sure that IRT staff have the appropriate permissions to do their job. It is a good idea to have, as part of the incident response plan, network administrators add permissions to IRT member accounts, and then remove them when the incident is over.
- Training: ensure initial and ongoing training for all IRT members on incident response processes, technical skills, and relevant cyberattack patterns and techniques. Carry out drills at regular intervals to ensure that everyone in the IRT knows what they need to do and is able to perform their duties during a real incident.
- Tools: evaluate, select and deploy software and hardware that can help respond to an incident more effectively. All of the tools should be packaged in a "jump bag" that can be quickly accessed by IRT members when an incident occurs.

Monitor (alerts and warnings from Microsoft, CERT, Symantec, Trend Micro…)
Incident Response Policy and Plan
- Formal plan
- Exercises
- Trained and certified core staff
- Trained SMEs (HR, Law, Corporate Relations…)
3) Security and privacy program
- Audits, penetration testing & assessments
- Configuration standards
- Risk analysis


Sample Incident Response Plan Components
- Incident Types/Levels
- IRT Roles and Responsibilities
- Process
- Escalation Procedures
- Communication
- SAR Reporting
- Contact Information
- Testing

Module 7 Summary
- Preparation is required to identify which incidents pose the most potential harm
- Inventory incidents
- Categorize incidents
- Draft policy and plan

Dr. Kevin Streff
American Security and Privacy, LLC
Founder & Managing Partner
www.americansecurityandprivacy.com
[email protected]
605.270.4427