Time
7 hours 36 minutes
Difficulty
Advanced
CEU/CPE
7

Video Description

This lesson covers what an incident response team does. They are responsible for:
· Intrusion detection
· Response and remediation
· Advisory distribution
· Education and awareness
· Information sharing

Video Transcription

00:04
So, lastly, we're gonna talk about what does this incident response team do? We've covered quite a bit of topics throughout this section
00:14
of the course. So essentially an incident response team at the first level is going to be responsible for intrusion detection.
00:22
So at that first tier, an incident response team often assumes the responsibility for that intrusion detection,
00:30
and the team generally
00:32
benefits because it should be poised to analyze incidents more quickly and accurately
00:37
based on the knowledge gained of intrusion detection technologies. So that's at the very lowest, first-tier level.
00:44
So after there's already been an incident detected,
00:48
the response and remediation process would come next. And that's where the team would essentially go in and respond to that incident: become aware of it, investigate what's going on, and then determine how the incident should be remediated in order to keep it from spreading or getting worse.
01:07
The next kind of phase that the incident response team would be responsible for is advisory distribution.
01:15
So a team may issue advisories within the organization regarding new vulnerabilities and threats, so automated methods should be used whenever appropriate to disseminate information. So, for example, the National Vulnerability Database provides information via XML or RSS feeds
01:34
when new vulnerabilities are added to it,
01:36
so advisories are often most necessary when new threats are emerging, such as high-profile social or political events. So, a celebrity wedding that attackers are likely going to leverage in social engineering.
01:49
Only one group within the organization should distribute computer security advisories
01:55
to avoid duplicated effort and conflicting information. So, depending on how your team is organized,
02:00
you may have an incident response team that is also charged with these advisory distributions, or you may have, like, a threat intelligence aspect separate from your incident response team. Regardless, the entity that sends out this information should be coordinated
02:19
and it should be coming out from one person. So
02:22
again, the policy should state who within the organization is responsible.
02:25
Oops.
02:28
The other aspect of what incident response teams are responsible for is education and awareness. So education and awareness are essentially resource multipliers. The more users and technical staff know about detecting, reporting, and responding to incidents, the less strain there's going to be.
02:46
I just read an article the other day that about 40% of people who received some type of phishing
02:52
email click on the link, regardless of whatever is in the email. So it still involves educating those employees, because that 40% out there, that's where you're probably gonna spend 90% of your time, if not more. So getting those individuals educated about what to do
03:12
is very important.
03:14
And lastly, information sharing.
03:15
So incident response teams often participate in information sharing groups such as ISACs or regional partnerships. Accordingly, the incident response teams often manage the organization's incident response sharing efforts.
03:31
They may aggregate information related to incidents and share that information with other organizations
03:38
and ensure that pertinent information is shared within the enterprise. So we'll go into that a little bit later, as far as threat intelligence and information sharing and reporting. But overall, I know this was a long section, but it's a very important section.
03:53
Obviously, people just want to start diving into the incident response, but
03:58
it's important to have that policy established first.
04:00
If you don't have that policy in place, you may often do something wrong, may violate policies or the law, or you may put the company, organization, or entity that you're working for at risk. So it's very important to have this policy codified, and that everyone in the incident
04:19
response team be aware of
04:21
the policies, rules, and regulations that they're supposed to follow in order to ensure a cohesive incident response.
04:30
So this concludes the incident response policy section of the course. So I hope you enjoyed the video, and please check back and continue watching more of the Incident Response and Advanced Forensics course.

Up Next

Incident Response and Advanced Forensics

In this course, you will gain an introduction to Incident Response, learn how to develop three important protection plans, perform advanced forensics on the incident, deep dive into insider and malware threats, and commence incident recovery.

Instructed By

Max Alexander
VP, Cybersecurity Incident Response Planning at JPMorgan
Instructor