IT Incident Response Planning 2013
Uploaded by: donald-hester
©2013 Maze & Associates
Incident Response
Computer Security Incident Handling Guide
Recommendations of the National Institute of Standards and Technology (NIST)
NIST SP 800-61 Revision 2, August 2012
Incident Response Process
Preparation
- “An ounce of preparation is worth a pound of cure”
- “The more you sweat in training the less you bleed in battle.”
- You can’t plan for everything, but you can have a strategy to cover just about anything
Preparation
- Understand the need and requirements
- Creating Incident Response Policy, Plan, and Procedures
- Forming Incident Response Team
- Training, CIRT – End Users
- Preventing Incidents – Controls
- Asset Inventory
Detection and Analysis
- Signs of an Incident
- Precursors and Indicators
- Attack Vectors
- Incident Analysis
- Incident Documentation
- Incident Prioritization
- Notification – Call Tree and Assistance
Containment, Eradication, and Recovery
- Recovery and Preservation of Evidence
- Containment Strategy
- Evidence gathering and handling
- Identification of source
- Eradication
- Recovery
- Testing
Post-Incident Activities
- After Action Report
- Evaluating Evidence – Root Cause Analysis
- Control Evaluation
- Evidence Retention
- Notification – affected parties
Communications with Outside Parties
External Assistance