IT Incident Response Planning 2013


IRP phases include: Recovery and Preservation of Evidence, Containment Strategy, Evidence gathering and handling, Identification of source, Eradication, Recovery, Testing

Transcript of IT Incident Response Planning 2013

Page 1: IT Incident Response Planning 2013

©2013 Maze & Associates

Incident Response

Page 2: IT Incident Response Planning 2013

Computer Security Incident Handling Guide

Computer Security Incident Handling Guide
Recommendations of the National Institute of Standards and Technology (NIST)
NIST SP 800-61 Revision 2, August 2012

Page 3: IT Incident Response Planning 2013

Incident Response Process

Page 4: IT Incident Response Planning 2013

Preparation

“An ounce of preparation is worth a pound of cure”

“The more you sweat in training the less you bleed in battle.”

You can’t plan for everything, but you can have a strategy to cover just about anything

Page 5: IT Incident Response Planning 2013

Preparation

Understand the need and requirements
Creating Incident Response Policy, Plan, and Procedures
Forming Incident Response Team
Training, CIRT – End Users
Preventing Incidents – Controls
Asset Inventory

Page 6: IT Incident Response Planning 2013

Detection and Analysis

Signs of an Incident
Precursors and Indicators
Attack Vectors
Incident Analysis
Incident Documentation
Incident Prioritization
Notification – Call Tree and Assistance

Page 7: IT Incident Response Planning 2013

Containment, Eradication, and Recovery

Recovery and Preservation of Evidence
Containment Strategy
Evidence gathering and handling
Identification of source
Eradication
Recovery
Testing

Page 8: IT Incident Response Planning 2013

Post-Incident Activities

After Action Report
Evaluating Evidence – Root Cause Analysis
Control Evaluation
Evidence Retention
Notification – affected parties

Page 9: IT Incident Response Planning 2013

Communications with Outside Parties

Page 10: IT Incident Response Planning 2013

External Assistance