Incident Response
Video Activity

Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
>> Welcome to Domain 9, incident response. In this module, we'll use the incident response life cycle as a structure for examining incident response. We'll talk about preparation, the detection and analysis phase, containment, eradication and recovery, and post-incident activities. For the remainder of this video, we will be defining an incident, giving an overview of the incident response life cycle, and I'm going to have a little soapbox speech on incident communications.

An event is any observable occurrence in a system or network. Events include a user connecting to a file share, a server receiving a request for a webpage, a user sending an email, or even a firewall blocking a connection attempt. Adverse events are events with a negative consequence, such as system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and execution of malware.

A computer security incident is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. Well-known examples include an attacker, whether it be an individual, organization, or nation-state, commanding a botnet to send a high volume of connection requests to a server, causing that server to crash or become unavailable. This is often referred to as a DDoS attack. Other examples: users are tricked into opening an email that runs malware, which subsequently uses their system to perform unintended activities, or a user is tricked into exposing sensitive information through a phishing email. I can go on and on with examples, but since you're on cyber, you're probably familiar with these and many more incident types, whether they be nefarious in nature or unintentional.

Here we have the incident response life cycle. This is based on the NIST specification 800-61 Rev. 2, and this is the way we're going to structure our examination of incident response. We'll look at preparation, detection and analysis, the containment, eradication and recovery phase, and the post-incident activities.

Whether we're talking about a breach or an unintended outage, communication is important, and having a communication plan is even more important. I highly recommend that the individuals responsible for communication, also referred to as communication handlers, not be the same as the person responsible for dealing with the incident. I've been personally caught in this pickle. Nothing is more frustrating than trying to deal with a problem while at the same time being hounded by many different parties for details, updates, and status. Being able to focus on solving the problem while spending mental cycles crafting email updates and responding to phone calls and text messages is a lot to put on a single person at the same time.

The CCSK exam doesn't go deep into the specifics of incident communication, but this is such a common problem that I wanted to call it out. This isn't just my experience, but a sentiment shared by many others who have held a role in technology operations. If you're a manager, make sure there is a communication plan. This could be you doing the communicating, or somebody else. If you aren't a manager, make a plea to your manager to put something like this in place. This is particularly important in a cloud situation, since you are often not alone in resolving the incident. As we examine each phase of the IR life cycle, we'll speak to the particulars of IR in the Cloud environment. But as you probably expect, communicating with the Cloud provider, or communicating with Cloud customers if you are a Cloud provider, is a vital point for handling incident response. Thank you for listening to my speech. Now I'll get off my soapbox and we'll continue.

To summarize this video, we defined an incident, gave an overview of the incident response life cycle, and then you listened to my soapbox speech about incident communications.