Hey, everyone, welcome back to the course. So in the last video, we took a look at control 18 applications offering security and how it maps up to the NIST cybersecurity framework
in this for the award to take a look at control 19 which is all about incident response and management.
So why do we even care about instant responsible Number one? It's not a question of if an organization will be attacked or your organization will be attacked. It's really just a matter of when, Right? Maybe you're a smaller company is not that big of a deal right now because you're not being targeted. But maybe you're not a smaller company. You're a large company, get attacked every single day.
there's going to be an incident, and you'll need to already have in place a response plan to that incident.
So sub control 19 1 1st off documenting the incident response procedures like, What are we actually doing? How are we doing it? Who's responsible? So putting that documentation in place so everyone understands what's the process after we have an incident of identifying that we do have an incident
verifying it's an incident responding to the incident. Any isolation we need to do and recovering from the incident and then also the after aftermath, Right? What do we do in all those steps of the incident response process?
Some control 19 2 is all about making sure people understand what they're supposed to be doing. Right? So assigning job titles and duties for the incident response process.
And so, for example, we need to let people know. Okay, once incident happens, you're going to be doing this right. You're gonna be doing that. And then also, who communicates with who, Right, So we're gonna have, like, a phone tea tree. So I call you and then you call Joey and then Joey call Sally and Sally calls,
uh, Tameka and Tameka calls Robert and Robert calls Jonathan, etcetera, etcetera. Right. So we have that in place, so we know who is responsible for what? When the actual incident occurs.
Sub control 19 3 doesn't eight specific management personnel to support incident? Hamli. So identify those stakeholders and those people that are gonna be key individuals to help you make decisions when an incident is transpiring.
So maybe that's the sizzle, right? The chief information security officer. For those I don't know what that is.
Maybe that's a security manager. Maybe that's the I T manager. Maybe it's the CEO, depending on the company. Maybe it's a C I o.
So this Identify. Who are these people? I levels of management. They're going to support
the decision making during the incident.
Sub Control 19 4 device some kind of organization wide standard for reporting incidents. So again, going back to the if you see something, say something but also taking that to the next level. Right? If I'm scanning logs and I look and I see that there's something that could be an incident,
how do I notify people? Right. How do I do in how do I notify that there is some kind of breach going on?
So just devising those standards in place of what's our process behind this? That's what we need to make sure that we do
some control. 19 5 maintaining contact information for reporting so your organization may have to report to different government entities. So just making sure that you have that contact information in advance and in a readily available place so you can report any type of security incident
some control. 19 6 published information regarding reporting computer anomalies and incidents. So basically, just letting people know. How do you actually
report this stuff? How do you let us know that there might be an incident going on or something wacky is going on? How do you report that to us? And you should continuously let those workforce members and know all about. That's if you update this. Make sure you let them know the new process for reporting. Reporting these things
some control. 19 7 conduct periodic incidents scenario session. So again, going back to the training right, It's doesn't It's no good if we put all this fancy in this incident response in place and then it all fall apart when people actually try to go do it. So we need to make sure we're continuously practicing. So becomes second nature when we actually do have an incident in our company.
And finally some control 19.8 create incidents scoring and prioritization. Shima. So, for example, if I identify that an incident is happening, is this actually
critical to my business, right? If this incident is allowed to continue,
will it shut down my operations. Will it meal? Maybe it's an attack may be. So will it take my sense of data like what actually occurs here? So we didn't prioritize those because there are a lot of things you could focus your attention on that could be potentially deemed as an incident. But we want to make sure that we prioritize those in
focus on the critical incidents first.
So in this video, we just talked about CIA's control 19. In the next video, we're gonna talk through how that maps up to Venice Cybersecurity framework. I also want to mention this module as well. We've got a couple of labs, just like the previous lab we did. These two labs are also just gonna have a short walk through video just to introduce you to the lab.
It's not going to show you step by step. However,
there is a step by step guide for both the upcoming labs in the resource of section of the course, so be sure to download those so you can go through the lab step by step