IT Incident Response Planning 2013
10
Click here to load reader
-
Upload
donald-hester -
Category
Technology
-
view
120 -
download
2
description
IRP phases include: Recovery and Preservation of Evidence, Containment Strategy, Evidence gathering and handling, Identification of source, Eradication, Recovery, Testing
Transcript of IT Incident Response Planning 2013
©2013 Maze & Assoc ia tes
Incident Response
©2013 Maze & Assoc ia tes
Computer Security Incident Handling Guide
Computer Security Incident Handling GuideRecommendations of the National Institute of Standards and Technology (NIST)NIST SP 800-61 Revision 2 August 2012
©2013 Maze & Assoc ia tes
Incident Response Process
©2013 Maze & Assoc ia tes
Preparation “An ounce of preparation is worth a bound of cure”
“The more you sweat in training the less you bleed in battle.”
You can’t plan for everything, but you can have a strategy to cover just about anything
©2013 Maze & Assoc ia tes
Preparation Understand the need and requirements Creating Incident Response Policy, Plan, and Procedures
Forming Incident Response Team Training, CIRT – End Users Preventing Incidents – Controls Asset Inventory
©2013 Maze & Assoc ia tes
Detection and Analysis Signs of an Incident Precursors and Indicators Attack Vectors Incident Analysis Incident Documentation Incident Prioritization Notification – Call Tree and Assistance
©2013 Maze & Assoc ia tes
Containment, Eradication, and Recovery Recovery and Preservation of Evidence Containment Strategy Evidence gathering and handling Identification of source Eradication Recovery Testing
©2013 Maze & Assoc ia tes
Post-Incident Activities After Action Report Evaluating Evidence – Root Cause Analysis Control Evaluation Evidence Retention Notification – affected parties
©2013 Maze & Assoc ia tes
Communications with Outside Parties
©2013 Maze & Assoc ia tes
External Assistance
