3 hours 39 minutes
Mulele 3.17 Incident Management
in this module analyzed incident planning and implementation.
We'll explore instant response to notifications.
So incident planning implementation
first determine an incident framework. For example, secure notify, resolve. The framework is important to help you not only build out your policy but also your procedures on what to include within your incident response
merge into existing incident procedures.
Whether you have medical human resources, information technology procedures and how to intake information regarding instance.
You may be able to take advantage of some of the system that you already have in place.
Incident detection technology processes and people incident kind of classification and escalation of workflows and determining, reporting an escalation process.
Continuing understanding, instant response budgeting is as important as training as saying itself. You have to have a budget for instant response
throughout isolation, forensic investigation, engaging in legal counsel, Pr communications, media outreach and reporting and notification are just some of the examples that you have to consider with the planning
printing postage and a call center.
you may or may not of insurance to help you with an incident response, especially if the incident does in fact determine a breach has occurred
within your organization. It's important to have a discussion about passive and active detection.
Previously in another module, we talked about intrusion detection systems. Well, those are great for whether or not a system has been tripped. There could be false positives. So it's important to make sure that you have an open discussion about how to passively and actively detect whether or not an incident occurs
that could result in a breach of information.
Some of the basic details of instant investigation include the name and location times of identification reporting systems, impacted information, impacted eyewitness accounts systems, logs and responsibility to notify. And when that last blow is probably the most important outside of the data gathering piece
is once you have the information, what do you do with it?
Well, that is usually given to you
by the research you have done in regard to the regulations that impact you and the p that she managed
reach organizations may choose to engage your mediation providers to reduce consumers risk of fraud or identity theft. Also, services covered typically are free daily credit monitoring, identity theft, insurance and fraud resolution services in the event of a breach has occurred. Is important to understand how to re mediate that breach and more importantly,
what you may legally be responsible to do.
Some of the advanced details of instant investigation would be determined in response to remediation, especially if systems are impacted
verification. P. I. Is or is not impacted. Is also important. System log collection and details required for regulators, insurance, public relations and council.
It's important to make sure you have all that information
identified early within your plan. So you know what potential gaps may exist in the event and incident occurs, especially one that can lead to a breach.
How can you improve the instant handling process to ensure immune ability and preserve chain of custody in your organization?
This is an important question to ask what you've got your plan in place
to make sure
that what has been collected
cannot be changed
and then how information travels to your organization has done so in a very secure and properly understood manner by all those involved.
Having an executive summary for an incident is important.
Who is impacted when, what reporting requirements exist, what to expect next day, week and month verification P is or is not impacted. System log collection review
details required for regulators insurance, public relations and council estimated remediation expenses,
which could include system replacement training, finds insurance premiums, etcetera,
or and others.
It's important to make sure that even if an incident does not lead to a direct breach
that you pair summary and report that summary to your leadership team
so that any type of remediation that has to occur internally
occurs to prevent either furniture in future incidents
or the addresses
that involved were
include a breach.
Know what executive contractual and regulatory requirements are for notification.
This is a must
When an incident occurs, a breach almost always has occurred to her false.
The answer is
just because an incident occurs does not mean an actual breach of P. I. Has occurred.
In this module, we discussed incident planning implementation. We also analyze instant response and notification.