Incident Management

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
3 hours 39 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:00
Mulele 3.17 Incident Management
00:04
in this module analyzed incident planning and implementation.
00:07
We'll explore instant response to notifications.
00:12
So incident planning implementation
00:14
first determine an incident framework. For example, secure notify, resolve. The framework is important to help you not only build out your policy but also your procedures on what to include within your incident response
00:28
merge into existing incident procedures.
00:31
Whether you have medical human resources, information technology procedures and how to intake information regarding instance.
00:38
You may be able to take advantage of some of the system that you already have in place.
00:42
Incident detection technology processes and people incident kind of classification and escalation of workflows and determining, reporting an escalation process.
00:53
Continuing understanding, instant response budgeting is as important as training as saying itself. You have to have a budget for instant response
01:00
throughout isolation, forensic investigation, engaging in legal counsel, Pr communications, media outreach and reporting and notification are just some of the examples that you have to consider with the planning
01:11
supplies,
01:14
printing postage and a call center.
01:17
Also insurance,
01:19
you may or may not of insurance to help you with an incident response, especially if the incident does in fact determine a breach has occurred
01:30
within your organization. It's important to have a discussion about passive and active detection.
01:36
Previously in another module, we talked about intrusion detection systems. Well, those are great for whether or not a system has been tripped. There could be false positives. So it's important to make sure that you have an open discussion about how to passively and actively detect whether or not an incident occurs
01:56
that could result in a breach of information.
02:01
Some of the basic details of instant investigation include the name and location times of identification reporting systems, impacted information, impacted eyewitness accounts systems, logs and responsibility to notify. And when that last blow is probably the most important outside of the data gathering piece
02:20
is once you have the information, what do you do with it?
02:22
Well, that is usually given to you
02:24
by the research you have done in regard to the regulations that impact you and the p that she managed
02:32
remediation
02:35
reach organizations may choose to engage your mediation providers to reduce consumers risk of fraud or identity theft. Also, services covered typically are free daily credit monitoring, identity theft, insurance and fraud resolution services in the event of a breach has occurred. Is important to understand how to re mediate that breach and more importantly,
02:54
what you may legally be responsible to do.
03:00
Some of the advanced details of instant investigation would be determined in response to remediation, especially if systems are impacted
03:07
verification. P. I. Is or is not impacted. Is also important. System log collection and details required for regulators, insurance, public relations and council.
03:16
It's important to make sure you have all that information
03:20
identified early within your plan. So you know what potential gaps may exist in the event and incident occurs, especially one that can lead to a breach.
03:30
How can you improve the instant handling process to ensure immune ability and preserve chain of custody in your organization?
03:37
This is an important question to ask what you've got your plan in place
03:40
to make sure
03:42
that what has been collected
03:44
cannot be changed
03:45
and then how information travels to your organization has done so in a very secure and properly understood manner by all those involved.
03:57
Having an executive summary for an incident is important.
04:00
Who is impacted when, what reporting requirements exist, what to expect next day, week and month verification P is or is not impacted. System log collection review
04:11
details required for regulators insurance, public relations and council estimated remediation expenses,
04:16
which could include system replacement training, finds insurance premiums, etcetera,
04:20
or and others.
04:23
It's important to make sure that even if an incident does not lead to a direct breach
04:28
that you pair summary and report that summary to your leadership team
04:32
so that any type of remediation that has to occur internally
04:36
occurs to prevent either furniture in future incidents
04:41
or the addresses
04:42
that involved were
04:44
include a breach.
04:47
Know what executive contractual and regulatory requirements are for notification.
04:51
This is a must
04:58
quick question.
04:59
When an incident occurs, a breach almost always has occurred to her false.
05:06
The answer is
05:08
false
05:09
just because an incident occurs does not mean an actual breach of P. I. Has occurred.
05:15
In this module, we discussed incident planning implementation. We also analyze instant response and notification.
Up Next