Incident Management Roles


Time
3 hours 39 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:00
>> Module 3.18, incident management roles.
00:00
During this module, we'll analyze
00:00
key roles in incident management,
00:00
and explore functions of key roles during an incident.
00:00
Key roles required for an incident.
00:00
Note, privacy team members may
00:00
not be included in an incident response team.
00:00
Now, that is okay,
00:00
considering incident response team members
00:00
could include an appointed overseer, tech lead,
00:00
communications, internal,
00:00
external, social media, customer support,
00:00
corporate counsel, accounting, risk advisory,
00:00
and/or an insurance agency.
00:00
If you're not included in this incident team,
00:00
yet you are in your privacy program,
00:00
it's important you're part of the process,
00:00
especially if PII is impacted.
00:00
Note, not all incidents may
00:00
involve PII or a breach of PII.
00:00
Accounting may have to be included in
00:00
the event a payment needs to be made quickly.
00:00
Also, they may have to be included in the event
00:00
a fine could potentially be levied against
00:00
an organization in the event PII has been breached.
00:00
It's important to note that with modern threats today,
00:00
in regard to ransomware or hacks,
00:00
that bad actors may request payment via cryptocurrency.
00:00
Some accounting departments and some organizations
00:00
do not have accounts that are readily
00:00
available with cryptocurrency as a form of payment.
00:00
Most law enforcement organizations
00:00
will also recommend highly,
00:00
you do not pay a ransom.
00:00
However, some organizations have decided to do this.
00:00
In order to do it in a timely way to meet
00:00
the demands of a bad actor,
00:00
you may have to do it quickly via cryptocurrency.
00:00
Incident levels. Consider adopting levels of criticality,
00:00
for instance, to guide roles during an incident.
00:00
For example, red, yellow or green where
00:00
red being severe and green being normal.
00:00
Or Level 1 through 5, where one being minor,
00:00
and five being severe.
00:00
Having these types of levels
00:00
can help the incident response team
00:00
know who to include and how quickly they need to
00:00
move in the event an incident occurs.
00:00
There may also be some overlap
00:00
in roles if an incident occurs.
00:00
Consider other groups to determine if
00:00
certain incident functions can be streamlined.
00:00
Also, help desk, business continuity,
00:00
vendors, disaster recovery, internal audit,
00:00
cybersecurity, and facilities could
00:00
also play a role with an incident response.
00:00
Remember, not all incidents could involve data.
00:00
It could involve access to facilities or access to
00:00
areas where sensitive information is
00:00
kept in either paper or media.
00:00
Quiz question. An answer report that potentially exposes
00:00
several thousand employee usernames and
00:00
passwords should be considered a blank incident.
00:00
One severe, two moderate, or three normal.
00:00
The answer is severe.
00:00
In this case, if there are
00:00
thousands of employees and their passwords have
00:00
been compromised and are available to bad actors,
00:00
one would classify this as a severe incident.
00:00
In this module, we discussed
00:00
key roles in incident management
00:00
and reviewed functions of
00:00
key roles when responding to incidents.