Follow Incident Response Procedures

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

33 hours 23 minutes
Video Transcription
Hello and welcome back the side. There is 2019 Carpinteria Security Plus Certification Preparation course.
We will be continuing our discussion of marginal of five, which in fact is domain five and the top of discussion would be risk management.
We have a brand new learning objective which encompasses this particular domain, which is 5.4, which specifically states give it a scenario. Follow incident response procedures.
Here again are some sub topics which encompasses this particular learn objective. We began by first article looking incident Response plan document instant all way down to the topic off
continuing in terms of exploring our various top of discussing which encompasses 5.4 lin objective, we will take a look at the incident response process
in other words, realizing that we have preparation, identification, containment, eradication, recovery and then we have lessons learned. All of these particular topics will be discussed in the upcoming video
since praises to our pre assessment question and it reads as follows
Was it a following is not a step
of the instant response process is it ate a snapshot.
Be preparation,
see recovery or D containment
In this case, If you said today. You're absolutely correct because a snapshot is a state of a system at a potential reporting time.
Is also known as a sister. Image is not a step in the instant response process.
This brings us to ah incident management overview.
The purpose of the incident management is to identify and respond to unexpected disrupted events with the objective of controlling impact within acceptable levels.
This involves technical, physical, natural or anything that perhaps that occur as with any aspect of risk management risk and Venice impact analysis, forms of basis for determining variety of resource protection and response activity,
incident management, problem management and disaster recovery plan are essential and a complementary parts of the business continuity planning
as first responders to adverse information security related events. The objective is to prevent instance from becoming problems and revenge problem from becoming disasters. The extent of the instant mansion response capability must be bounced with the baseline security,
business continuity as well as disaster recovery
now before the incident response plan. A security incident response plan is a document that defines policies rose responsibly and actions to be taken in the event of a security incident.
In response plan is the operational component of of what we call our instant member process. They're playing in other words, detail actions, personnel active that take place in case of the first events, resulting in the loss of image systems or processes.
Seeing man support is required for the success of your incident response plan.
We must also again document the incident in the different types of category. Proactively planning for every conceivable type of incident is impractical. Still, incidents vary which require different types of response. Scratchy. This is not
unlike common and said that take place in the real world
in regards to the various roles of responsibility. The first time in the highlight here is that management commitment is critical to the success of your incident management and response. Effective incident management spots maybe less costly options than attempting to inimical trolls are all possible condition.
Another thing going to do you want to test your instant management response.
It may allow your organization at high level acceptable risk levels based upon demonstrated capacity to handle those very security incidents.
We also need have adequate instant response in combination would effective if my security what it's going to create a practical risk mansion solution
that may be more cost effective in the long run and more prudent resource management type decision.
Let's not turn to tour discussion of Rose and responsibility. The bolo lists of those are included in what we call a critical incident response team.
Now these roles will large the pin on their knees and resource is of the organization. What are teams, perhaps can include outside personnel
here again on a list of some most common what we call ranging from your security all way down to your financial auditor
event reported. An escalation procedure should be documented in your instant response plan.
A cyber incident response team was responsible working through this cyber incident response plan. The ultimate goal of this particular what we call the Spartans team is to eradicate the components from the incident, such as it could be mad worker bee viruses and so forth. And really, the goal is to get the organization running smoothly again.
In other words, get organization back on track.
Perhaps the most important thing to do is engage what we call assimilated cyberattacks. This were tested in response plan, ability to manage in respond to a real world cyber attack.
It's responses a well coordinated effort to rapidly respond to security incidents in the most efficient, cost effective manner. The golden in response plan, in other words, is to quickly identify an attack, minimized the effect, contain the damage
and large identify. Remediate what we call the root cause of the incident self
In terms of training
an organization every
in response, team members should undergo the following training programs introduction to incident management teams in terms of basic mission by the teams and his operation mentoring on the job training as well as former training.
Now there are some factors that we need to look at in terms off
measurement. Other words. We're looking at instant response metrics something metrics that we need to definitely value of the number of incidents
off east into the severity
and type the drill time the time required to contain the incident. Time required to resolve and close incident the number of times the instant response in terms of the service level agreement were not met. Perhaps you have some outside contract, maybe with Dale, and perhaps they didn't meet your expectations.
That could be something that we need to assess.
We look at the number external person affected and have. In fact, they have been notified.
And last. The total cost of quieter was off each incidents.
Interesting enough. A fan tax, a term that we need to be a webs called Gap analysis. Now I gapen eyes what it does. Force provides information on the gap between say, for example, looking at current instant response capabilities. Compare what the desired state. Other word. That's the state where we want to be at
so, in essence, back a parent of two levels.
The following may be identified. Other words. Prices that need to be improved and words make it much more effective or efficient.
Also, resource is need to achieve the objectives for the incident response capabilities.
Did you know that in response plan should be set up to address a suspected data breach in a serious off phases? Within each phase, there are specific areas of need that should be considered an affected instant response process is handled and several steps or phases.
So first, when we have to call the preparation, this face will be the workhorse of your instant planning or other words. Response process and in the end, the most critical crucial phase to protect your business.
Then we have identification.
This is a process where you determine whether you've been breached. In other words, a breach or incident could originate from many different areas.
Then we have a term called containment
one of breaches first discovered. Your initial instinct may be to security. Delete everything so that you can just get rid of it High over
that would like to hurt you in the long run, says you'll be destroying valuable evidence that you need to determine where the breach started and adviser plan to prevent it from happening again.
Then we look at eradication.
Once you contain the issue, you need to find an unlimited, the root cause of it of the breach. This means all male. What should be security removed? System should again be hardened, and patch and update should be applied that point in time.
Then we come to recovery.
This is a process was stored, and returning the effective system and advices back into your business environment during this time is important to get your system business operation up and running again without the fear of another breach.
This brings us to the lessons learned
once the investigation is complete.
Hold an after action. We were all in response team members and discuss what you've learned from the data breach. This way you were analysed and document everything about the breach. Determine what worked well, a US promise plan and where there was some holes.
Lesson learned from both mark and real events will help Sprink in your system against future attacks. It's time not to engage in a post assessment quiz, and it reads as follows.
You have been instructed to introduce an effective system back into the company's environment
and be sure that it will not lead to another incident.
You test monitor invalid that the system is not being compromised by any other means,
which is which of the instant response processes have you completed is a lesson. Learned
the preparation,
See recovery or D containment
if you should let the sea you're absolutely correct. It's the recovery process that brings the effect this system
back into the company's production environment. Careful aboard, leading to another incident
at this time. We have a key takeaways from this particular presentation, and they are as follows we learned that event reporting and escalation procedures should be documented in your incident response plan.
We know that the response plan is a document to help your i t. Respond to an incident. Includes details about how to detect, how to respond and how to recover it.
A Cyber Incident Response Team response for working through the Cyber Incident Response plan
related a similar cyberattack with test in response plan, ability to manage and respond to a real world cyber attack.
We're gonna gap refers to a space between where we are their present state and where we want to be the target state. A gap in Oz would also be referred to as a needs analysis needs assessment or a needs gap analysis.
In our upcoming presentation,
we'll be taking a look at our very next video will be addressing the topic of 5.5, a brand new learning objective in which we have to summarize basic concepts off forensics. And again, I look forward to seeing you in the very next video
Up Next
CompTIA Security+

Interested in the cybersecurity industry? The CompTIA Security+ is the gold standard for those looking to enter the cybersecurity industry. Join thousands of professionals who have gained this certification through this course and launched their careers in information security.

Instructed By