when I was working as a security researcher for the D. O. D. I learned firsthand how difficult it is to effectively trained security personnel between competing vendors, standards, frameworks and policies. It was nearly impossible to manage all of our training needs and wants. There was no system, no gold standard, no process. To solve that problem, we created our newest offering, Sy Berry, for business.
Instead of trying to choose between vendors or standard, our community has created a single clearing house
where the best of all worlds can come together with courses and learning material created by instructors, vendors and experts from around the world. You don't have to worry of your missing key information because you lost a game of vendor roulette. We don't pick winners and losers. We create a space where content creators and students can come together to fix a broken industry.
You'll get unlimited use of multiple hands on training products from multiple providers. You get the world's largest catalog of video based security training and you get unlimited live online training classes all in one singular catalog, right on cyber Eri, Thanks for being a valued member of cyber very all right. So important for us for the exam. Of course.
What are our responsibilities
as schism in relation to the incident response function?
Well, first thing is, we're responsible for the development of incident management policy. Now, that may not be totally on our shoulders. We're gonna work with senior management on that and certainly they're gonna have to get final approval. But at the very least, we're gonna have a tremendous amount of input.
Here's where we're going to set the expectations and lay out the guidelines and procedures processes for making sure that the service is that air provided to the business are consistent and reliable. Even in the event of an incident,
we're gonna make sure that roles and responsibilities are well documented. So people know what they're doing and what they're expected to do
on. And then we'll make sure that part of our policy includes any sort of requirements if we're going to have alternatives to critical functions. If there's been some sort of compromise or damage when we need to make sure that the alternatives we configure
are going to meet the requirements right, they're gonna meet that criteria that's met. So that has to be defined.
Other things that were going to do is we're gonna work on developing the incident management and incident response plans, of course,
Coordinate the activities. Yeah, The schism has a lot of responsibility with incident response. That's why it's a significant capacity exam.
Um, making sure that the counter measures that are put in place are both verified and validated.
And when we talk about verification, we're looking to find out. Did we do it correctly?
So did we follow the processes per the plan
and then validation is Did it work
in a perfect world? If we did it right, then we would have done the right thing. Does that make sense? But sometimes we verify, find out. We followed all the steps correctly and it didn't work is intended. So that's the difference between verification and validation.
All right. And then we help with budgeting and development for all these matters that are related to information security in the event offenses.
Now, in addition to defining what the system does, of course, there other parties in the organization that are gonna have large contributing factors. So just to talk about the incident management, the response teams a little bit. The first thing that we want to look at is the emergency action team.
These are the folks that come on. They're sort of the first responders. They're gonna help evacuate the building. And their focus is gonna be on the safety of people first and always first and then the preservation of organizational assets as well. But that's always secondary
two per serving human life.
So these are the folks that maybe you're wearing the orange safety vests and that are using flashlights toe like the hallway. These air, the folks that may be involved in helping any employees that have physical challenges to evacuate. They may be the folks counting heads in the parking lot.
Um, they also maybe the folks that are tasked with activities like
crashing the server room and often in the server room. We talk about crashing it. Sometimes there's even just a button that you press in an emergency to power down everything. If we're gonna dump 50 gallons of 50,000 gallons of water to suppress a fire, we want to make sure those servers are up and running.
that's the emergency action team right there. First responders.
Now, the damage assessment team.
They're going to do pretty much what it sounds like. They're going to come in after the fact, and they're gonna look at the damage, and they're gonna help us figure out. Of course, they have to be qualified. This is an estimation process. These air, the folks that are gonna go in and give us a quantifiable report based on the data
how much damage was done, what elements could be recovered or restored? What out? Elements are not salvageable.
The emergency management team is gonna coordinate all our other teams.
And these are gonna be the key decision makers in the process. So, for instance, if the damage assessment team can't quite determine if it's worth restoring a resource or just counting it as a loss, the emergency management team may be consulted and focus on that management team piece. They're the managers in the event of a recovery
and should be skilled.
Coordinate across all the tapes
In the event of a major incident which again could rapidly turn into a disaster, we may have to relocate for a temporary period. So it's that relocation team that's responsible for a graceful transfer and migration of service is perhaps to an off site facility.
Also, the relocation team is gonna be responsible for the migration and the transfer back as well. So it's a lot of effort on the relocation tape and then
the security team who's often called the CERT the Computer Incident Response Team. You could see cults Ceasar computer Security Incident Response team,
but ultimately they are responsible for managing the C. I A. Triad
as applicable with local laws and regulations. They are responsible for ensuring the security of our data. Our communication links contained those security threats and making sure that any issues that might potentially slow recovery down
their job is to make sure there's issues of results.