So part of the education process is that once we understand something, we can hopefully defend against it. Since we know what it is, and we know essentially how an actor may go about it, we can begin to essentially make fortifications to our defenses.
We talked earlier about the cyber security paradox, and resiliency is going to be the answer to that paradox. That's not to say that we shouldn't attempt to defend against potential threats toward the network. But due to the cyber security paradox, it's not if an incident is going to happen but when. So resiliency, in the form of a business continuity plan and a disaster recovery plan, is going to be imperative. In those first steps to recovering from an incident, without a plan there's essentially not going to be a blueprint directing employees on how or what to recover. And then without that plan, there's no way to test the plan to ensure that it's going to be effective.
So this whole idea of resiliency is, essentially, to keep in mind that emergency preparedness is our best proactive defense against a lot of these attacks. A lot of folks and a lot of organizations say, "Well, I have antivirus, I have my threat team, I'm good to go," but they may not put a lot of thinking into the actual disaster recovery process itself. So while they may have an incident response team, they don't have anything else that goes along with it to help the organization as they have some of these attacks occurring.
One of the more recent examples is the hospitals that have been victims of malware. They have great IT staff. They essentially knew what to do during the response phase, but they didn't have any backups. If they'd essentially backed up the data, and if they had planned for an incident like that to occur, it would have made the overall impact of that incident a lot less.
We talk about resiliency failures next. Just because we have a plan in place doesn't necessarily mean that it's a good plan or the right one. So we want to test these plans, and we want to make sure that they work, and we want to make sure that they make sense. And then this is a case study from Hurricane Sandy.

In this you can see that there are essentially generators that are downstairs that would have helped a hospital essentially have power during a blackout such as Hurricane Sandy, which wiped out a lot of the power grid in that sector. There are few places in the US where hospitals put as much thought and money into disaster planning as in New York. And yet two of the city's busiest medical centers failed a fundamental test of readiness during Superstorm Sandy: they lost power. A patient in the hospital is on life support; I can tell you that's probably not a good thing to have happen. Both hospitals, NYU Langone Medical Center and Bellevue Hospital Center, had difficulty determining what exactly led to their power failures, but the culprit appeared to be the most common type: flood damage. There was water in the basement.
So, as you can see from those diagrams, they had planned that, yes, when power goes out, we're going to have a generator up on the roof, and essentially the gas lines to that generator will flow to it, and then we will have power. Except that they put the supply lines in the basement. Which, what? So while both hospitals put the generators on high floors, where they could be protected in a flood, other critical components of the backup power system, such as fuel pumps and tanks, remained in the basement just a block from the East River.

So obviously they thought through the plan, they had a plan. It just wasn't a good plan, and they didn't test the plan. It's not essentially just having a plan. It's thinking through all of the aspects of that plan, identifying what could go wrong, what could go right, testing it, validating that plan, and getting a third set of eyes to look over that plan and make sure that it's going to work, or we're going to have one of those Homer Simpson "d'oh" moments.
So that's going to conclude the overall course for incident response and advanced forensics and incident recovery. As we talked about in this section of the course, incident recovery is going to be our last phase of the incident response process. And then in recovering, we've hopefully gathered up a lot of the data about the attack that we've had, and that's going to help us formulate a strategy that we're going to use to recover from that incident. Now, keeping in mind that recovery again, as we discussed, is not just a purely technical aspect; it may involve many of the players within your organization. But once we've identified essentially the threat, we know how it's acted and what it has done to our network and to our systems, we can then begin that process of recovery.

Now, as part of that recovery, hopefully we've had some type of plan and we've got some type of resiliency in place. And then again, resiliency is going to help us bounce back from those disasters, because without a plan we'll be just kind of left wandering about trying to figure out what to do. But through our business continuity planning, through testing these processes and procedures, hopefully we've identified a way that, when and if disaster does occur, we're able to recover from it a lot better and come back online again. If we don't test these plans and procedures, we could end up like these hospitals who thought they had a great plan but weren't able to execute it, due to one of those Homer Simpson "d'oh" moments.

So again, thank you for watching the Incident Response and Advanced Forensics course. I hope you liked it. If you have any questions, please write in, please email in. We're always trying to update our course material; we're more than happy to answer questions, and to try to put together another course for something you guys are interested in. So again, thank you for watching, and please join us again for more exciting courses from Cybrary.