So like I mentioned before, there are multiple organizations that have input on response and management in various strategies. So now we're gonna look at the document from the University of California called Responding to Computer Security Incidents.
This is also referenced in this, um, study guide. So it's certainly worth looking at here.
You know, the big point is, they're not gonna say, what's the second step in the University of California's framework? And you have to look at that versus Software Engineering Institute. But what you're gonna need to understand is the flow of the processes, and regardless of which framework I show you, the flow should always make sense.
Okay, so with this particular plan, we do start off before we develop the plan, I guess sort of a predecessor to that is to assess our current incident response capability. Where are we now? Right, you're not ever gonna walk into an organization and they have no plan or strategy whatsoever for responding to incidents.
So what you want to know is, are we where we want to be? And we go back to that idea of current state versus desired state, so we can survey our employees. We can do self-assessment. We can hire a third party to come in and give us external information. But ultimately, the question we wanna answer is, are we where we wanna be?
And chances are good, if you're coming into a new role, you may find that there are recommendations you would make for closing the gap between current state and desired state. We have to make sure that we have methods and plans, not just for... remember that a computer incident is not just a technical event, right? We could have man-made or natural disasters that would impact our capabilities for operations.
And then we also, you know, I know we talked a little bit about technology in domain three, but we have to look at our technology controls and the inherent vulnerabilities of just having technology in our environment.
right? Our weakest link. Are they well trained? Are they knowledgeable? Do they understand the processes? Do they understand how to report incidents?
Always our weakest link. We've got to evaluate our people.
What processes are in place? Security controls. Controls can bring in an entire set of risks all on their own. So we evaluate those controls. We're also gonna look at incident response history. We're gonna look at lessons learned or postmortem reviews.
Ultimately, to figure out, are we where we need to be?