Roles and Responsibilities

Time
14 hours 39 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> When I was working as a
00:00
>> security researcher for the DoD,
00:00
>> I learned firsthand how difficult it is to
00:00
effectively train security personnel
00:00
between competing vendors,
00:00
standards, frameworks and policies.
00:00
It was nearly impossible to
00:00
manage all of our training needs and wants.
00:00
There was no system, no gold standard, no process.
00:00
To solve that problem, we created
00:00
our newest offering, Cybrary for Business.
00:00
Instead of trying to choose between
00:00
vendors or standards our community has created
00:00
a single clearinghouse where the
00:00
best of all worlds can come together.
00:00
With courses and learning material
00:00
created by instructors, vendors,
00:00
and experts from around the world,
00:00
you don't have to worry if you're missing
00:00
key information because you've
00:00
lost a game of vendor roulette.
00:00
We don't pick winners and losers,
00:00
we create a space where content creators and
00:00
students can come together to fix a broken industry.
00:00
You'll get unlimited use of
00:00
multiple hands-on training products
00:00
from multiple providers,
00:00
you get the world's largest catalog of
00:00
video-based security training,
00:00
and you get unlimited live online training classes
00:00
all in one singular catalog right on Cybrary.
00:00
Thanks for being a valued member of Cybrary.
00:00
>> All right. So important for us for the exam of course,
00:00
what are our responsibilities as
00:00
CISM in relation to the incident response function?
00:00
First thing is we're responsible for
00:00
the development of incident management policy.
00:00
Now that may not be totally on our shoulders,
00:00
we're going to work with senior management on that and
00:00
certainly they're going to have to get final approval,
00:00
but at the very least,
00:00
we're going to have a tremendous amount of input.
00:00
Here's where we're going to set
00:00
the expectations and lay out the guidelines and
00:00
the procedures and processes
00:00
for making sure that the services that are
00:00
provided to the business are consistent
00:00
and reliable even in the event of an incident.
00:00
We're going to make sure that
00:00
roles and responsibilities are
00:00
well-documented so people know what
00:00
they're doing and what they're expected to do.
00:00
Then we'll make sure that part of
00:00
our policy includes any requirements,
00:00
if we're going to have
00:00
alternatives to critical functions,
00:00
if there has been some compromise or damage.
00:00
Well, we need to make sure that the alternatives we can
00:00
figure are going to meet the requirements,
00:00
they're going to meet that criteria that's met,
00:00
so that has to be defined.
00:00
Other things that we're going to
00:00
do is we're going to work on
00:00
developing the incident management
00:00
and incident response plans,
00:00
of course, coordinate the activities.
00:00
Yeah, the CISM has a lot of
00:00
responsibility with incident response,
00:00
that's why it's a significant piece of the exam.
00:00
Making sure that the countermeasures
00:00
that are put in place are both
00:00
verified and validated and
00:00
when we talk about verification,
00:00
we're looking to find out did we do it correctly?
00:00
So did we follow the processes per the plan?
00:00
Then validation is, did it work? In a perfect world,
00:00
if we did it right,
00:00
then we would have done the right thing.
00:00
Does that make sense?
00:00
But sometimes we verify,
00:00
find out we followed all the steps
00:00
correctly and it didn't work as intended.
00:00
So that's the difference between
00:00
verification and validation.
00:00
Then we help with budgeting and development for
00:00
all these matters that are related to
00:00
information security in the event of incidents.
00:00
Now, in addition to
00:00
defining what the CISM does, of course,
00:00
there are other parties in the organization that are
00:00
going to have large contributing factors.
00:00
Just to talk about the incident management,
00:00
the response teams a little bit,
00:00
the first thing that we want to look at is
00:00
the Emergency Action Team.
00:00
These are the folks that come on,
00:00
they're sort of the first responders,
00:00
they're going to help evacuate
00:00
the building and their focus is going to
00:00
be on the safety of people first and always first,
00:00
and then the preservation of
00:00
organizational assets as well.
00:00
But that's always secondary to preserving human life.
00:00
These are the folks that may be wearing
00:00
the orange safety vests and that
00:00
are using flashlights to light the hallway.
00:00
These are the folks that may be involved in helping
00:00
any employees that have physical challenges to evacuate,
00:00
they may be the folks counting heads in the parking lot,
00:00
they also may be the folks that are tasked
00:00
with activities like crashing the server room.
00:00
Often in the server room when we talk about crashing it,
00:00
sometimes there's even just a button that you
00:00
press in an emergency to power down everything.
00:00
If we're going to dump 50,000 gallons
00:00
of water to suppress a fire,
00:00
we want to make sure those servers are up and running.
00:00
So that's the Emergency Action Team
00:00
right there, first responders.
00:00
Now, the damage assessment team,
00:00
they're going to do pretty much what it sounds like.
00:00
They're going to come in after
00:00
the fact and they're going to look at the damage,
00:00
and they're going to help us figure out,
00:00
and of course they have to be qualified.
00:00
This isn't an estimation process.
00:00
These are the folks that are going to go in and give us
00:00
a quantifiable report based on the data.
00:00
How much damage was done,
00:00
what elements can be recovered or restored?
00:00
What elements are not salvageable?
00:00
The emergency management team is
00:00
going to coordinate all our other teams.
00:00
These are going to be the key
00:00
decision-makers in the process.
00:00
For instance if the damage assessment team
00:00
can't quite determine if
00:00
it's worth restoring a resource
00:00
or just counting it as a loss,
00:00
the emergency management team may be
00:00
consulted and focus on that management team piece.
00:00
They're the managers in the event of a recovery
00:00
and should be skilled to coordinate across all the teams.
00:00
Relocation team.
00:00
In the event of
00:00
a major incident which
00:00
again could rapidly turn into a disaster,
00:00
we may have to relocate for a temporary period.
00:00
So it's that relocation team that's responsible for
00:00
a graceful transfer and migration of
00:00
services perhaps to an offsite facility.
00:00
Also, the relocation team is going to be responsible for
00:00
the migration and the transfer back as well.
00:00
That's a lot of effort on the relocation team.
00:00
Then the security team who's often called the CIRT,
00:00
the Computer Incident Response Team,
00:00
you could see it called CSIRT,
00:00
Computer Security Incident Response Team,
00:00
but ultimately,
00:00
they are responsible for managing
00:00
the CIA triad as
00:00
applicable with local laws and regulations.
00:00
They are responsible for
00:00
ensuring the security of our data,
00:00
our communication links contain those security threats,
00:00
and making sure that any issues that
00:00
might potentially slow recovery down,
00:00
their job is to make sure those issues are resolved.