Incident Management

Time
3 hours 39 minutes
Difficulty
Intermediate
Video Transcription
00:00
Module 3.17 Incident Management
00:04
In this module, we'll analyze incident planning and implementation.
00:07
We'll explore incident response and notifications.
00:12
So incident planning implementation
00:14
First, determine an incident framework. For example: secure, notify, resolve. The framework is important to help you not only build out your policy but also your procedures on what to include within your incident response.
00:28
Merge into existing incident procedures.
00:31
Whether you have medical, human resources, information technology procedures and how to intake information regarding incidents.
00:38
You may be able to take advantage of some of the systems that you already have in place.
00:42
Incident detection technology, processes and people; incident kind of classification and escalation of workflows; and determining a reporting and escalation process.
00:53
Continuing, understanding incident response budgeting is as important as training as saying itself. You have to have a budget for incident response
01:00
throughout isolation, forensic investigation, engaging in legal counsel, PR communications, media outreach and reporting and notification are just some of the examples that you have to consider with the planning
01:11
supplies,
01:14
printing, postage and a call center.
01:17
Also insurance,
01:19
you may or may not have insurance to help you with an incident response, especially if the incident does in fact determine a breach has occurred
01:30
within your organization. It's important to have a discussion about passive and active detection.
01:36
Previously in another module, we talked about intrusion detection systems. Well, those are great for whether or not a system has been tripped. There could be false positives. So it's important to make sure that you have an open discussion about how to passively and actively detect whether or not an incident occurs
01:56
that could result in a breach of information.
02:01
Some of the basic details of incident investigation include the name and location, times of identification and reporting, systems impacted, information impacted, eyewitness accounts, system logs, and responsibility to notify and when. That last bullet is probably the most important outside of the data gathering piece
02:20
is once you have the information, what do you do with it?
02:22
Well, that is usually given to you
02:24
by the research you have done in regard to the regulations that impact you and the PI that you manage.
02:32
Remediation.
02:35
Breached organizations may choose to engage remediation providers to reduce consumers' risk of fraud or identity theft. Also, services covered typically are free daily credit monitoring, identity theft insurance and fraud resolution services. In the event a breach has occurred, it is important to understand how to remediate that breach and, more importantly,
02:54
what you may legally be responsible to do.
03:00
Some of the advanced details of incident investigation would be determined in response to remediation, especially if systems are impacted.
03:07
Verification PI is or is not impacted is also important. System log collection and details required for regulators, insurance, public relations and counsel.
03:16
It's important to make sure you have all that information
03:20
identified early within your plan, so you know what potential gaps may exist in the event an incident occurs, especially one that can lead to a breach.
03:30
How can you improve the incident handling process to ensure immutability and preserve chain of custody in your organization?
03:37
This is an important question to ask when you've got your plan in place
03:40
to make sure
03:42
that what has been collected
03:44
cannot be changed
03:45
and then how information travels to your organization has done so in a very secure and properly understood manner by all those involved.
03:57
Having an executive summary for an incident is important.
04:00
Who is impacted, when, what reporting requirements exist, what to expect next day, week and month, verification PI is or is not impacted, system log collection review,
04:11
details required for regulators, insurance, public relations and counsel, estimated remediation expenses,
04:16
which could include system replacement, training, fines, insurance premiums, et cetera,
04:20
or and others.
04:23
It's important to make sure that even if an incident does not lead to a direct breach
04:28
that you prepare a summary and report that summary to your leadership team
04:32
so that any type of remediation that has to occur internally
04:36
occurs to prevent either furniture in future incidents
04:41
or the addresses
04:42
that involved were
04:44
include a breach.
04:47
Know what executive, contractual and regulatory requirements are for notification.
04:51
This is a must.
04:58
Quick question.
04:59
When an incident occurs, a breach almost always has occurred. True or false?
05:06
The answer is
05:08
false.
05:09
Just because an incident occurs does not mean an actual breach of PI has occurred.
05:15
In this module, we discussed incident planning implementation. We also analyzed incident response and notification.