IH - Step 2 - Module 8 Powerpoint Presentation.pptx

trevor501353 10 views 15 slides Mar 05, 2025


Slide Content

Incident Handler Certification
Dr. Kevin F. Streff, Founder and Managing Partner

Dr. Kevin Streff
American Security and Privacy, LLC
Founder & Managing Partner
www.americansecurityandprivacy.com
[email protected]
605.270.4427

Agenda
Module 1: Incident Response Overview
Module 2: Incident Response Laws and Regulations
Module 3: The Fit of Incident Response in Information Security and Privacy Programs
Module 4: Privacy Incidents
Module 5: Security Incidents
Module 6: Incident Response Program Overview
Module 7: Step 1 - Preparation
Module 8: Step 2 - Detection and Analysis
Module 9: Step 3 - Contain, Eradicate, and Recover
Module 10: Step 4 - Post Incident Activity
Module 11: Incident Response Testing
Module 12: Third Party Incident Response Requirements
Module 13: Incident Response Auditing
Module 14: Incident Response Metrics

Module 8: Incident Response Programs - Step 2, Detection and Analysis

NIST SP 800-61
National Institute of Standards and Technology, Computer Security Incident Handling Guide (NIST Special Publication SP 800-61)

Types of security incidents (samples)
Denial of Service Incident
Malicious Code Incident
ACH Fraud
Wire Fraud
Merchant Capture Incident
Debit Card Fraud
Unauthorized Access Incident
Inappropriate Usage Incident
Physical Security Breach

Types of privacy incidents (samples)
Incorrect disposal of hardware
Data emailed to incorrect recipient
Data of wrong data subject shown in client portal
Data posted or faxed to incorrect recipient
Failure to redact
Failure to bcc
Hardware/software misconfiguration
Incorrect disposal of paperwork
Loss/theft of device containing personal data
Verbal disclosure of personal data
Unauthorized data aggregation
Violating primary use requirement

Detection and analysis steps
1) Triage: Event (something happened) vs. Incident (violation of policy, law or regulation)
2) Determine root cause
3) Assess severity/impact

1) Triage: Event (something happened) vs. Incident (violation of policy, law or regulation)
Cyber triage best practices include:
establishing standardized protocols
leveraging threat intelligence to prioritize alerts
automating repetitive tasks
incorporating AI and machine learning for faster analysis
regularly updating detection rules
training analysts on emerging threats
continuously improving processes to adapt to evolving cyber threats

1) Triage: Event (something happened) vs. Incident (violation of policy, law or regulation)
Use both human and technical mechanisms to detect incidents
Need partners who can alert you of incidents
Need a monitoring capability
Need a process to review logs

2) Determine root cause
Leverage your resources
Leverage subject matter experts
Review holistically
Consult the CVE database
Ask: how did it start?

3) Assess severity/impact
Assess what systems are affected
Assess what business processes are affected


Module 8 Summary
People and technology work together to detect incidents
The earlier an incident is identified, the less damage it is likely to cause
The IRT must analyze quickly so that a response can be formed

Dr. Kevin Streff
American Security and Privacy, LLC
Founder & Managing Partner
www.americansecurityandprivacy.com
[email protected]
605.270.4427