Time
7 hours 36 minutes
Difficulty
Advanced
CEU/CPE
7

Video Description

This lesson covers resiliency. Business continuity planning (BCP) provides the first steps in recovering from an incident. Remember, it is NOT a matter of IF an incident occurs, it is WHEN an incident occurs. For this reason, a solid recovery plan is crucial.

Video Transcription

00:04
So part of the education process is that once we understand something, we can hopefully defend against it,
00:11
since we know what it is, we know essentially how an actor may
00:18
want to attack us.
00:20
We can begin to essentially make fortifications to our defenses,
00:25
and we talked earlier about the cybersecurity paradox. Resiliency is going to be the answer to that paradox. That's not to say that we shouldn't attempt to defend against potential threats toward the network.
00:40
But due to the cybersecurity paradox, it's not if an incident is going to happen but when,
00:46
so resiliency in the form of a business continuity plan and disaster recovery plan is going to be imperative in those first steps to recovering from an incident.
00:59
Without a plan, there's essentially not going to be a blueprint directing employees on how or what to recover.
01:07
And then without that plan, there's no way to test the plan to ensure that it's gonna be effective
01:12
when the
01:14
So this whole idea of resiliency is to
01:19
essentially keep in mind that,
01:22
uh,
01:23
emergency preparedness is our best
01:26
proactive defense against a lot of these attacks. A lot of thugs
01:32
and a lot of organizations say, "Well, I have antivirus. I have my
01:38
threat team. I'm good to go,"
01:41
but they may not put a lot of thinking
01:45
into the actual disaster recovery process itself.
01:49
So while they may have an incident response team, they don't have anything else that goes along with it to help the organization as they have some of these attacks occurring.
02:00
One of the more recent examples is the hospitals
02:05
that have been victims to
02:07
malware. So they have great IT staff. They essentially
02:14
knew what to do during the response phase, but they didn't have any backups. If they'd essentially backed up the data, and if they would have planned for an incident like that to have occurred,
02:28
it would have made the overall impact of that incident a lot less.
02:32
So
02:34
we talk about resiliency failures next, so just because we have a plan in place doesn't necessarily mean that it's a good plan or the right one.
02:46
So we want to test these plans, and we want to make sure that they work, and we want to make sure that they make sense. And then this is a case study
02:55
from Hurricane Sandy.
02:58
So
03:00
in this you can see that there's essentially generators that are downstairs that would have helped a hospital essentially have power
03:09
during a blackout such as Hurricane Sandy, which wiped out a lot of the power grid in that sector.
03:17
So there are few places in the U.S. where hospitals have put as much thought and money into disaster planning as in New York.
03:25
And yet two of the city's busiest medical centers failed a fundamental test of readiness during Superstorm Sandy: they lost power. If a patient in the hospital is on life support, I can tell you that's probably not a good thing to have happen.
03:42
So both hospitals, NYU, uh,
03:46
Langone Medical Center and Bellevue Hospital Center, had difficulty determining what exactly led to their power failures,
03:53
but the culprit appeared to be the most common type:
03:57
flood damage. There was water in the basement.
04:00
So, as you can see from those diagrams, they had planned that yes, when power goes out, we're going to have a generator up on the second floor
04:11
and essentially the gas to that generator flows to it, and then we will have power,
04:19
except that they put the supply lines in the basement. Which, what?
04:25
So while both hospitals put the generators on high floors, where they could be protected in a flood,
04:30
other critical components of the backup power system, such as fuel pumps and tanks, remained in the basement, just a block from the East River.
04:39
So obviously they thought through the plan, they had a plan. It just wasn't a good plan, and they didn't test the plan.
04:46
So
04:48
it's not essentially just having a plan. It's thinking through all of the aspects of that plan, identifying what could go wrong, what could go right,
04:59
testing it, validating that plan, and getting a third set of eyes to look over that plan and make sure that it's gonna work, or we're gonna have one of those Homer Simpson "D'oh!" moments.
05:11
So that's gonna conclude the overall course for incident response and advanced forensics and incident recovery.
05:19
So
05:20
as we talked about in this section of the course, incident recovery is going to be our last phase of the incident response process. And then in recovering, we've hopefully gathered up a lot of the data about the attack that we've had,
05:39
and that's going to help us formulate a strategy that we're going to use to recover
05:44
from that incident. Now, keeping in mind that recovery, again as we discussed, is not just a purely technical aspect; it may involve many of the players within your organization,
05:57
but once we've identified essentially the
06:00
threat, we know how it's acted and what it has done to our network and to our systems. We can then begin that process of recovery.
06:12
Now, as part of that recovery, hopefully we've had some type of plan and we've got some type of resiliency in place,
06:17
and then again, resiliency is going to help us bounce back
06:23
from those disasters, because without a plan we'll be just kind of left wandering about trying to figure out what to do. But through our business continuity planning, through testing these processes and procedures, hopefully we've identified a way that when and if disaster does occur,
06:43
we're able to recover from it
06:45
a lot better and come back online again. If we don't test these plans and procedures, we could end up like these hospitals, who thought they had a great plan
06:56
but weren't able to execute it due to one of those Homer Simpson "D'oh!" moments. So
07:01
again, thank you for watching the Incident Response and Advanced Forensics course. I hope you liked it. If you have any questions, please write in, please email in. We're always trying to update our course material; we're more than happy to answer questions, or to try to put together another course for something you guys are
07:21
interested in.
07:24
So again, thank you for watching, and please join us again for more exciting courses from Cybrary.

Incident Response and Advanced Forensics

In this course, you will gain an introduction to Incident Response, learn how to develop three important protection plans, perform advanced forensics on the incident, deep dive into insider and malware threats, and commence incident recovery.

Instructed By

Max Alexander
VP, Cybersecurity Incident Response Planning at JPMorgan
Instructor