On this episode of CISO Tradecraft, you can learn the 10 steps to Incident Response Planning:
1. Establish a Cyber Incident Response Team
2. Develop a 24/7 Contact List for Response Personnel
3. Compile Key Documentation of Business-Critical Networks and Systems
4. Identify Response Partners and Establish Mutual Assistance Agreements
5. Develop Technical Response Procedures for Incident Handling that your team can follow:
   - External Media: an alert identifies that someone plugged in a removable USB or external device
   - Attrition: an alert identifies brute force techniques used to compromise systems, networks, or applications (example: attackers trying thousands of passwords on login pages)
   - Web: a Web Application Firewall alert shows attacks carried out against your website or web-based application
   - Email: a user reports a phishing attack with a malicious link or attachment
   - Impersonation: an attack that inserts malicious processes into something benign (example: a rogue access point found on company property)
   - Improper Usage: an attack stemming from a user's violation of IT policies (example: an employee installs file sharing software on a company laptop)
   - Physical Loss: loss or theft of a physical device (example: an employee loses their luggage containing a company laptop)
6. Classify the Severity of the Cyber Incident
7. Develop Strategic Communication Procedures
8. Develop Legal Response Procedures
9. Obtain CEO or Senior Executive Buy-In and Sign-off
10. Exercise the Plan, Train Staff, and Update the Plan Regularly
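Step 5 asks for procedures keyed to an incident taxonomy. As an added illustration (not code from the episode or its hosts), the script below triages a constructed alert feed into those same categories. Single events map straight to a category, while Attrition is treated as a volume signal: failed logins are counted per source and only a source crossing an assumed threshold becomes an incident. The alert line format, event type names, the threshold value, and every sample record are assumptions made for this example.

```python
from collections import Counter, defaultdict

# Constructed sample alert feed for this example (not real data). Assumed
# format: "<source>|<event_type>|<detail>"; a real SIEM export would differ.
SAMPLE_ALERTS = (
    ["203.0.113.7|auth_failure|login page /account"] * 60
    + ["10.0.0.5|auth_failure|login page /account"] * 3
    + [
        "WS-0142|usb_device_attached|vendor 0x0781 mass storage",
        "203.0.113.9|waf_block|SQLi pattern in /search?q=",
        "jdoe|phishing_report|attachment invoice.zip",
        "AP-scan|rogue_access_point|SSID 'Corp-Guest' not in inventory",
        "WS-0200|unauthorized_software|file sharing client installed",
        "helpdesk|device_lost|laptop asset 4471 missing from luggage",
        "WS-0300|unknown_event|something else",
    ]
)

# Direct event_type -> incident category, following the taxonomy above.
# Event type names are assumed for this example.
EVENT_CATEGORY = {
    "usb_device_attached": "External Media",
    "waf_block": "Web",
    "phishing_report": "Email",
    "rogue_access_point": "Impersonation",
    "unauthorized_software": "Improper Usage",
    "device_lost": "Physical Loss",
}

# Attrition is not one event but a pattern: many failed logins from one
# source. Assumed threshold; tune it to the environment's normal noise.
ATTRITION_THRESHOLD = 50


def parse_alert(line):
    """Split one alert line into (source, event_type, detail)."""
    parts = line.strip().split("|", 2)
    if len(parts) != 3:
        raise ValueError(f"malformed alert: {line!r}")
    source, event_type, detail = parts
    return source, event_type, detail


def classify_alerts(lines, threshold=ATTRITION_THRESHOLD):
    """Group alerts by incident category.

    Returns {category: [(source, detail), ...]}. Auth failures are
    aggregated per source and surface as Attrition only above threshold;
    unknown event types land in "Unclassified" so nothing is silently dropped.
    """
    incidents = defaultdict(list)
    auth_failures = Counter()
    for line in lines:
        source, event_type, detail = parse_alert(line)
        if event_type == "auth_failure":
            auth_failures[source] += 1
            continue
        category = EVENT_CATEGORY.get(event_type, "Unclassified")
        incidents[category].append((source, detail))
    for source, count in auth_failures.items():
        if count >= threshold:
            incidents["Attrition"].append((source, f"{count} failed logins"))
    return dict(incidents)


if __name__ == "__main__":
    for category, items in classify_alerts(SAMPLE_ALERTS).items():
        print(f"{category}: {len(items)} incident(s)")
        for source, detail in items:
            print(f"  {source}: {detail}")
```

The "Unclassified" bucket is deliberate: a response procedure that silently discards events it does not recognise hides exactly the alerts a plan exercise should surface.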
To learn more about Incident Response Planning, CISO Tradecraft recommends reading this helpful document from the American Public Power Association.
If you would like to automate security reviews of infrastructure-as-code, then please check out Indeni CloudRail.
The podcast and its cover image on this page belong to G Mark Hardy & Ross Young. The podcast's content is created by G Mark Hardy & Ross Young and not by, or together with, Poddtoppen.