Incident Response Lifecycle Preparation

00:04

Okay, so now that we've kind of defined what an incident is and what incident response is, let's look at the incident response Life cycle.

00:13

And of course, we start with preparation. Then we look toe, identify something as an incident. We contain the incident we eradicate and were mediate the situation. And then we document,

00:28

All right. So as we move on to talking about preparation again, this is an an essential piece that the scissors oh is heavily involved with and making sure that we're prepared for an incident. So we're gonna coordinate the planning and the design of our plans.

00:46

And again, this isn't something that Isa scissors do by myself.

00:50

I'm gonna have a team that I work with across various functions within the organization, understanding the various business processes of business units and what's essential to them and then looking at potential vulnerabilities that an instance on incident could exploit. So I'm working with the team.

01:10

Um, I start off by, like I said, working with the management units

01:15

and trying to determine what their requirements are. You know, things like the Web presence must be up and running within 30 minutes of an incident or whatever that might be. These are critical in our chief.

01:29

Um, resource is this is, uh there's that these air, the applications that are critical, the hospice,

01:34

So ultimately, preparing part of preparing is collecting information. And in order to do that, we have to make sure we're working with drug people, usually business unit leaders or managers. Very good place to start.

01:49

All right, now, really, before I can get any it before I can get anywhere of this 19. You see management and make sure that they're on board and ultimately, to make sure that they're committed to developing these plans and already said,

02:07

this process is people

02:08

really have to be provided. And if senior management isn't on board, none of it matters.

02:15

All right, So, uh, we're gonna get a plan for implementing, and basically, that plan is gonna consist of policies and procedures. Document document. It approaches.

02:29

What sort of criteria have we define? An incident. What sort of criteria has to be met to access or to initiate the incident response plan? Um,

02:44

defined criticality

02:46

criticality is something we'll talk about disaster recovery and business continuity planning in the next section. But ultimately criticality deals with how time sensitive a service or process is. So, for instance, when we look at critical resource is their critical based on essentially,

03:07

uh, how much damage

03:08

the organization suffers, based on the time that that resource is down. So, for instance, if you look at an organization like Amazon, think about how much money Amazon must lose.

03:21

If their server their Web servers, are down for 15 minutes, for instance, Just think about how tremendous the impact would be just for 15 minutes of lost sales time with Amazon, their Web presence is extremely critical. So what we're looking at is we're looking at

03:38

those elements that support our business,

03:42

that are where we would suffer the greatest laws without them. And ultimately what we want to do is we want to establish periods of criticality. So, for instance, for those elements that are most critical,

03:55

how long can they be down?

03:58

Less than 10 minutes less than an hour? Less than six hours? It depends on the business, but ultimately we're gonna define categories of criticality and assigned those categories to the process.

04:10

All right, we got a look at what our capability is in house. Like I said, Do we really have? The resource is? And if not, we need to think about acquiring those Resource is or figuring out how we're gonna accomplish. Instant response will also document

04:28

how we're going to conduct our review

04:30

after an incident. Will create the documents for lessons learned or postmortem and making sure that we can collect the information after an incident does transpire. And then it changes need to be made as the result of an incident.

04:46

We need to make sure that there's a change management procedure

04:50

in place, that we don't just go around making major reactions to issues, but we have a full process in place that's gonna include submitting the change request, evaluating the change of West, testing it, documenting it and then implementing it. So with preparations, there are a lot of things that we have to do

05:10

before we jump right into the process