Incident Response Planning 5.4 Flashcards
Security Incidents
Users will click malicious emails and execute malware. You may get DDoS'd, confidential information may get stolen, or users may install peer-to-peer software that allows external access to internal servers.
Roles and Responsibilities
Incident Response Team - Specialized group, trained and tested.
IT Security Management - Corporate support
Compliance Officers - Intricate knowledge of compliance rules
Technical Staff - Your team in the trenches
User Community - They see everything
Incident Notification
Create a contact list of all the people who you need to be in touch with. There will be people in corporate, IT, non-IT, legal, public affairs, and external contacts.
Cyber-Incident Response Team (CIRT)
Receives, reviews, and responds. This is a predefined group of professionals. Determine what types of events will require a CIRT response. The CIRT may not be part of the organizational structure; it is a team you pull together on an as-needed basis. It focuses on incident response, analysis, and reporting.
Exercises
Test your team during exercises before an actual event occurs. Use well-defined rules of engagement. Do not touch your production systems. Make the scenario very specific. This will be a tabletop exercise. Evaluate and discuss afterwards.