Part 7 - What does an Incident Response team do?

Video Activity

This lesson covers what an incident response team does. They are responsible for: · Intrusion detection · Response and remediation · Advisory distribution · Education and awareness · Information sharing

Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

7 hours 56 minutes
Video Description

This lesson covers what an incident response team does. They are responsible for: · Intrusion detection · Response and remediation · Advisory distribution · Education and awareness · Information sharing

Video Transcription
So, lastly, we're gonna talk about what does this incident Response team do? We've covered quite a bit of topics throughout this throughout this section
of the course. So essentially an incident response team at the first level is going to be responsible for intrusion detection.
So that first hear an incident response team often assumes the responsibility for that intrusion. Detection
on the team generally
benefits because it should be poised to analyze incidents more quickly and accurately
based on the knowledge gains of intrusion detection technologies. So that's at the very lowest first year level.
So after there's already been an incident detective,
the response and remediation process would come next. And that's where the team would essentially go in and respond to that incident. Become aware of it, investigate what's going on and then determine how the incident should be remediated in order to keep it from spreading. Are getting wars
the next kind of phase that the Incident Response Team would be response before his advisory distribution.
So a team may issue advisories within the organization regarding new vulnerabilities threats so automated methods should be used whenever appropriate to disseminate information. So, for example, the National Vulnerability database provides information via XML. Our access feeds
with new vulnerabilities were added to it,
so advisers are often most necessary with new threats are emerging, such as high profile social or political events. So celebrity wedding that Attackers were likely going toe leverage and social engineering.
Only one group within the organization organization should distribute computer security advisories
to avoid duplicated effort. Conflicting information. So, depending on how your team was organized,
you may have an incident response team that is also charged with these advisory distributions are you may have, like a threat intelligence aspect separate from your incident response team. That regard was that that entity that sends out this information should be coordinated
on it should be coming out from one person. So
again, the policy should state who within the organization, his response.
The other aspect of what incident Response team's our response before education and awareness. So education awareness, essentially our resource multipliers. More users and technical staff know about detecting reporting, responded to incidents, the less grain that there's going to be.
I just read an article the other day that about 40% of people who received some type of fishing
email click on the link, regardless of whatever is in the email, so still involves educating those employees because that 40% out there, that's that's we're probably gonna spend 90% of your time, if not more so. Getting those individuals educated about what to do
is very important.
And lastly, information share
So Incident Response Team's often participate in information sharing groups such as Saca's or regional partnerships. According according the incident Response Team's often manage the organization's incident response sharing efforts.
They made aggregate information related to incidents and share that information with other organizations
and ensure that pertinent information is shared within the enterprise. So we'll go into that a little bit later. A CE faras threat, intelligence and information sharing and reporting. But overall, I knew this was a was a long section, but it's a very important section.
Obviously, people just want to start diving into the incident response, but
important to have that policy established first.
If you don't have that policy in place, they often do something wrong, may violate policies or the law. Or you may put the company organization our interview that you're working for at risk, so it's very important to have this policy codified. Everyone in the Incident
Response team be aware of
policies, rules of regulations that they're supposed to follow an order to ensure a cohesive incident. Response.
So this concludes the incident response policy section of the course. So I hope you enjoyed the video and police check back and continue watching more of the incident response in advanced forensic scores.
Up Next