3.21 Post-Incident Review

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

12 hours 48 minutes
Video Transcription
OK Post incident review. So whether this is a live incident, whether it's the result of a test, but you've gone through the motions to some degree, what did you learn? And one of the pieces, You know, we tend to resist documentation, and
sometimes we're good at documenting up front. But we kind of trail off towards the tail end when we conduct these post incident reviews. What we're trying to pull together is a lessons learned document. Now you can call it whatever you call it. It's your organization. But like I said, what worked and what can we improve?
So we go back and we want to make sure that this is available sze
as appropriate to anybody that needs it. So again, not every individual in the company needs to know where disaster recovery plan failed or business continuity. Yeah, really more disaster cover claims failed, but
heads of departments, perhaps certainly senior management we published to those individuals is necessary. We want action. You know if if you've managed projects before, you've probably worked with plan of actions and milestones, sometimes called poems. What did we identify?
Okay, something didn't work. Let's fix it because we want to get better for the next time. So the important piece is
when you're managing. When you're developing business Continuity plan. It is a project, and one phase of the project is testing, and the results from testing need to be written up. We need to follow through too weak it resolution of the issues that came up as part of the test.
An important piece,
your business continuity plans should be reviewed at least once per year or in the event of a major change. Or, as risk indicates, you know, some sort of wording that will tell you, yeah, once the years that could, you know, a good starting point. But
you know the environments always changing threat landscape changes. Your organization may buy out another company. You may get bought out by another company. You may have an infrastructure change whatever. So we've got to go back and review our plan at least once per year or in the event of a major change
Up Next
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By