0% found this document useful (0 votes)

16 views23 pages

002 - Cybersecurity Fundamentals Incident Response BCP DRP

The document discusses incident response concepts including terminology, goals of incident response, components of an incident response plan including preparation, detection and analysis, containment, eradication, recovery, and post-incident activities. It also discusses incident response teams, business continuity, and disaster recovery plans.

Uploaded by

ipnuippnuksbn

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

16 views23 pages

002 - Cybersecurity Fundamentals Incident Response BCP DRP

Uploaded by

ipnuippnuksbn

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 23

Module 2 : Incident Response, Business Continuity and Disaster Recovery

Concepts
INCIDENT TERMINOLOGY :
BREACH
INCIDENT
TERMINOLOGY :
EVENT
INCIDENT
TERMINOLOGY :
EXPLOIT
INCIDENT
TERMINOLOGY :
INCIDENT
INCIDENT
TERMINOLOGY :
INTRUSION
INCIDENT
TERMINOLOGY
: THREAT
INCIDENT
TERMINOLOGY :
VULNERABILITY
INCIDENT
TERMINOLOGY :
ZERO DAY
THE GOAL OF INCIDENT RESPONSE

• it is inevitable that adverse events will happen that have the potential
to affect the business mission or objectives.
• The priority of any incident response is to protect life, health and safety.
When any decision related to priorities is to be made, always choose
safety first.
• The primary goal of incident management is to be prepared.
Preparation requires having a policy and a response plan that will lead
the organization through the crisis.
• Every organization must have an incident response plan that will help
preserve business viability and survival.
• The incident response process is aimed at reducing the impact of an
incident
• incident response planning is a subset of the greater discipline
of business continuity management (BCM)
COMPONENTS
OF THE
INCIDENT
RESPONSE
PLAN
PREPARATION

• Develop a policy approved by

management.
• Identify critical data and systems,
single points of failure.
• Train staff on incident response.
• Implement an incident response
team. (covered in subsequent topic)
• Practice Incident Identification. (First
Response)
• Identify Roles and Responsibilities.
• Plan the coordination of
communication between
stakeholders.
DETECTION AND ANALYSIS

Monitor Monitor all possible attack vectors.

Analyze Analyze incident using known data and threat intelligence.

Prioritize Prioritize incident response.

Standardize Standardize incident documentation.

CONTAINMENT

GATHER EVIDENCE. CHOOSE AN APPROPRIATE IDENTIFY THE ATTACKER. ISOLATE THE ATTACK.
CONTAINMENT STRATEGY.
ERADICATION

Identify and mitigate all vulnerabilities that were Remove malware, inappropriate materials, and If more affected hosts are discovered (for example,
exploited. other components. new malware infections), repeat the detection and
analysis steps to identify all other affected hosts,
then contain and eradicate the incident for them.
RECOVERY

Enacting extreme care during the

Removing malicious content from Rechecking, testing, and verifying all recovery and restoration process so
infected systems components for functionality information systems are reliable
once more

Designing procedures that help Creating a written record of

Implementing a systematic approach
return information systems to full platforms and processes for testing
to testing, monitoring, and validating
functionality (e.g., establishing an and verification of restored systems
data systems to avoid future
agreed-upon timeframe to restore to provide guidelines for managing
compromise
data systems for use) another intrusion should it occur
POST-INCIDENT ACTIVITIES

IDENTIFY EVIDENCE THAT DOCUMENT LESSONS

MAY NEED TO BE RETAINED. LEARNED.
INCIDENT RESPONSE TEAM

Computer Incident Response Team Computer Security Incident Response Responsibilities :

(CIRT) Team (CSIRT)
Determine the amount and scope of damage caused
by the incident.
Determine whether any confidential information was
compromised during the incident.
Implement any necessary recovery procedures to
restore security and recover from incident-related
damage.
Supervise the implementation of any additional
security measures necessary to improve security and
prevent recurrence of the incident.
Representative(s) of senior management

INCIDENT Information security professionals

RESPONSE
Legal representatives
TEAM
MEMBERS Public affairs/communications representatives

Engineering representatives (system and

network)
THE IMPORTANCE OF BUSINESS CONTINUITY

to sustain business operations while Key part : communication

recovering from a significant disruption.
COMPONENTS OF
BUSINESS CONTINUITY PLAN
Immediate response procedures
and checklists (security and
List of the BCP team members, safety procedures, fire Notification systems and call
including multiple contact suppression procedures, trees for alerting personnel that
methods and backup members notification of appropriate the BCP is being enacted
emergency-response agencies,
etc.)

Contact numbers for critical

Guidance for management, members of the supply chain
including designation of authority How/when to enact the plan (vendors, customers, possible
for specific managers external emergency providers,
third-party partners)
THE GOAL OF DISASTER RECOVERY

the Disaster recovery plan (DRP) guides the actions of emergency

response personnel until the end goal is reached—which is to
see the business restored to full last-known reliable operations.

Disaster recovery refers specifically to restoring the information

technology and communications services and systems needed by
an organization, both during the period of disruption caused by
any event and during restoration of normal services.
COMPONENTS OF DISASTER RECOVERY PLAN
• Executive summary providing a high-level overview of the plan
• Department-specific plans
• Technical guides for IT personnel responsible for implementing and maintaining critical backup
systems
• Full copies of the plan for critical disaster recovery team members
• Checklists for certain individuals:
o Critical disaster recovery team members will have checklists to help guide their actions amid
the chaotic atmosphere of a disaster.
o IT personnel will have technical guides helping them get the alternate sites up and running.
o Managers and public relations personnel will have simple-to-follow, high-level documents to
help them communicate the issue accurately without requiring input from team members
who are busy working on the recovery.

DisasterRecovery BusinessContinuity
100% (1)
DisasterRecovery BusinessContinuity
66 pages
Thor's+Study+Guide+ +CC+Domain+2
No ratings yet
Thor's+Study+Guide+ +CC+Domain+2
19 pages
Domain 2
No ratings yet
Domain 2
4 pages
Chapter 2 - Summary
No ratings yet
Chapter 2 - Summary
4 pages
Contigency Planning
No ratings yet
Contigency Planning
63 pages
ISC2 CC Domain2 Incident Response, Business Continuity (BC) and Disaster Recovery (DR) Concepts
No ratings yet
ISC2 CC Domain2 Incident Response, Business Continuity (BC) and Disaster Recovery (DR) Concepts
3 pages
Backup Security Measures
No ratings yet
Backup Security Measures
6 pages
Modul 3 Contingency Planning Part 2
No ratings yet
Modul 3 Contingency Planning Part 2
26 pages
The Overall Planning For Unexpected Events Is Contingency Planning (CP), Explain THREE (3) Components of Contingency Planning With Action Plan
No ratings yet
The Overall Planning For Unexpected Events Is Contingency Planning (CP), Explain THREE (3) Components of Contingency Planning With Action Plan
2 pages
W4 Crisis Management and Contingency Planning - PPT
No ratings yet
W4 Crisis Management and Contingency Planning - PPT
49 pages
CISSP - 9 Buisiness Continuity & Disaster Recovery Planning
100% (5)
CISSP - 9 Buisiness Continuity & Disaster Recovery Planning
53 pages
BCP DRP
No ratings yet
BCP DRP
21 pages
Chapter 2 - ISC2
No ratings yet
Chapter 2 - ISC2
2 pages
Day 6
No ratings yet
Day 6
27 pages
CC Domain2
No ratings yet
CC Domain2
45 pages
Chapter 5 Reviewer - Incident Response and Contingency Planning
No ratings yet
Chapter 5 Reviewer - Incident Response and Contingency Planning
5 pages
Domain 2
No ratings yet
Domain 2
2 pages
Chapter 11 Lecture Topics
No ratings yet
Chapter 11 Lecture Topics
25 pages
Continuity and Recovery Policy Template
No ratings yet
Continuity and Recovery Policy Template
4 pages
Contingency Planning
No ratings yet
Contingency Planning
6 pages
Disaster Recovery and Incident Response
No ratings yet
Disaster Recovery and Incident Response
37 pages
Clear Your Knowledge On IRP DRP BCP
No ratings yet
Clear Your Knowledge On IRP DRP BCP
5 pages
Business Continuity in Action
No ratings yet
Business Continuity in Action
59 pages
Chapter 6 Incident Managment Business Continutiy and Disaster Recovery
No ratings yet
Chapter 6 Incident Managment Business Continutiy and Disaster Recovery
109 pages
CECR 2003 - Lecture 10
No ratings yet
CECR 2003 - Lecture 10
32 pages
BCP DR
No ratings yet
BCP DR
52 pages
Thor's Quick Sheets - CC Domain 2
No ratings yet
Thor's Quick Sheets - CC Domain 2
6 pages
CISA Exam Domain 4 BCP DRP 1688478977
No ratings yet
CISA Exam Domain 4 BCP DRP 1688478977
7 pages
Risk Management and BC
No ratings yet
Risk Management and BC
25 pages
Systems Availability and Business Continuity: Chapter Four Prepared By: Raval, Fichadia
No ratings yet
Systems Availability and Business Continuity: Chapter Four Prepared By: Raval, Fichadia
26 pages
9-BCP DRP
100% (1)
9-BCP DRP
67 pages
Chapter 6
No ratings yet
Chapter 6
16 pages
ISC2 2 Incident Response, Business Continuity and Disaster Recovery Concepts
100% (1)
ISC2 2 Incident Response, Business Continuity and Disaster Recovery Concepts
13 pages
ISO
No ratings yet
ISO
29 pages
L2 IncidentResponse BusinessContinuity
No ratings yet
L2 IncidentResponse BusinessContinuity
6 pages
Incident Response, BC, and DR Concepts
No ratings yet
Incident Response, BC, and DR Concepts
29 pages
2023+CC+Domain+2+Study+Guide+by+ThorTeaches Com+v1 1
No ratings yet
2023+CC+Domain+2+Study+Guide+by+ThorTeaches Com+v1 1
17 pages
CISSP - 9 Buisiness Continuity & Disaster Recovery Planning
100% (1)
CISSP - 9 Buisiness Continuity & Disaster Recovery Planning
53 pages
Module VII - BCP
No ratings yet
Module VII - BCP
132 pages
Domain 7 Security Operations
No ratings yet
Domain 7 Security Operations
24 pages
Lecture 10
No ratings yet
Lecture 10
10 pages
Cybersecurity Planning For Contingencies
No ratings yet
Cybersecurity Planning For Contingencies
3 pages
Business Continuity and Information Security
No ratings yet
Business Continuity and Information Security
14 pages
L2 Incident Response
No ratings yet
L2 Incident Response
9 pages
Cisa Module 4 Part B - Business Resilience
No ratings yet
Cisa Module 4 Part B - Business Resilience
31 pages
Business Continuity & Disaster Recovery Planning: Information Security
100% (2)
Business Continuity & Disaster Recovery Planning: Information Security
56 pages
CBCI - Example BCM Policy Framework
No ratings yet
CBCI - Example BCM Policy Framework
11 pages
Business Continuity and IS Training Template
No ratings yet
Business Continuity and IS Training Template
14 pages
Disaster Recovery Audit Work Program - 0
No ratings yet
Disaster Recovery Audit Work Program - 0
34 pages
BCP DR Planning
No ratings yet
BCP DR Planning
20 pages
Lab #8: Develop An Outline For A Business Continuity Plan For An It Infrastructure
No ratings yet
Lab #8: Develop An Outline For A Business Continuity Plan For An It Infrastructure
6 pages
Business Continuity& Disaster Recovery Planning
No ratings yet
Business Continuity& Disaster Recovery Planning
18 pages
Information Security Management: Planning For Contingencies
No ratings yet
Information Security Management: Planning For Contingencies
49 pages
3 BCM Methodology
100% (2)
3 BCM Methodology
59 pages
CC7178 Cyber Security Management: Presenter: Kiran Kumar Shah
No ratings yet
CC7178 Cyber Security Management: Presenter: Kiran Kumar Shah
21 pages
SLA, Disaster Recovery, BCP and Risk
100% (1)
SLA, Disaster Recovery, BCP and Risk
21 pages
Continuity Strategies
No ratings yet
Continuity Strategies
5 pages
BCG Executive Perspectives CEOs Dilemma Transform For Resilience
100% (1)
BCG Executive Perspectives CEOs Dilemma Transform For Resilience
27 pages
10-Cisa It Audit - BCP and DRP
No ratings yet
10-Cisa It Audit - BCP and DRP
27 pages
Isc Chapter 2
No ratings yet
Isc Chapter 2
19 pages
Experiment 8: BCP-DR: Information Security 2019-20
No ratings yet
Experiment 8: BCP-DR: Information Security 2019-20
6 pages
K012581 8.0 Manage Information Technology (IT) 0
No ratings yet
K012581 8.0 Manage Information Technology (IT) 0
42 pages
Cissp Issmp
No ratings yet
Cissp Issmp
106 pages
Operational Technology Cybersecurity
No ratings yet
Operational Technology Cybersecurity
32 pages
Project Plan For Implementation of The Information Security Management System
0% (1)
Project Plan For Implementation of The Information Security Management System
7 pages
Session 6 - IT Governance
No ratings yet
Session 6 - IT Governance
42 pages
Auditing Business Continuity
No ratings yet
Auditing Business Continuity
6 pages
Barrio-Chicken Inasal Feasibility Study
No ratings yet
Barrio-Chicken Inasal Feasibility Study
53 pages
Incident Management Incident Response Plan
No ratings yet
Incident Management Incident Response Plan
14 pages
Commvault Simplified Packaging Q3FY24
No ratings yet
Commvault Simplified Packaging Q3FY24
18 pages
Chapter 2 - Incident Response, Business Continuity and Disaster Recovery Concepts
No ratings yet
Chapter 2 - Incident Response, Business Continuity and Disaster Recovery Concepts
12 pages
Module 6 PPT Content
No ratings yet
Module 6 PPT Content
3 pages
Data Security 2 Marks
No ratings yet
Data Security 2 Marks
12 pages
Rational Cyber Security For Business 1st Edition by Daniel Blum 1484259513 978-148425951 PDF Download
100% (1)
Rational Cyber Security For Business 1st Edition by Daniel Blum 1484259513 978-148425951 PDF Download
52 pages
GIS in DM
No ratings yet
GIS in DM
11 pages
Storage Technologies QP
No ratings yet
Storage Technologies QP
16 pages
Database Server Disaster Recovery Plan Presentation
No ratings yet
Database Server Disaster Recovery Plan Presentation
9 pages
Paytm Hypothetical Case
No ratings yet
Paytm Hypothetical Case
13 pages
The Resilience Revolution Is Here PWC Indias Crisis and Resilience Survey 2023
No ratings yet
The Resilience Revolution Is Here PWC Indias Crisis and Resilience Survey 2023
12 pages
4 BCP DRP Chart by Ashik Babu
No ratings yet
4 BCP DRP Chart by Ashik Babu
1 page
SND Approved DND Proper PSCP Official Draft (Attachment)
No ratings yet
SND Approved DND Proper PSCP Official Draft (Attachment)
72 pages
Jamil Khaled IT 3
No ratings yet
Jamil Khaled IT 3
15 pages
Business Continuity Plan
No ratings yet
Business Continuity Plan
7 pages
Temperature Recording System
No ratings yet
Temperature Recording System
12 pages
Algorithmic Strategiesin High Frequency Trading AComprehensive Reviews
No ratings yet
Algorithmic Strategiesin High Frequency Trading AComprehensive Reviews
9 pages
5 ITE403 Whitman Ch04 W4C2
No ratings yet
5 ITE403 Whitman Ch04 W4C2
32 pages
Ffiec Cat App B Map To Nist CSF June 2015 Pdf4
No ratings yet
Ffiec Cat App B Map To Nist CSF June 2015 Pdf4
35 pages
Republic of The Philippines City of Olongapo Olongapo City Sports Complex, East Tapinac, Olongapo City Tel. No. (047) 224-2089 Loc. 314
No ratings yet
Republic of The Philippines City of Olongapo Olongapo City Sports Complex, East Tapinac, Olongapo City Tel. No. (047) 224-2089 Loc. 314
12 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

002 - Cybersecurity Fundamentals Incident Response BCP DRP

Uploaded by

002 - Cybersecurity Fundamentals Incident Response BCP DRP

Uploaded by

Module 2 : Incident Response, Business Continuity and Disaster Recovery

• Develop a policy approved by

Monitor Monitor all possible attack vectors.

Analyze Analyze incident using known data and threat intelligence.

Prioritize Prioritize incident response.

Standardize Standardize incident documentation.

Enacting extreme care during the

Designing procedures that help Creating a written record of

IDENTIFY EVIDENCE THAT DOCUMENT LESSONS

Computer Incident Response Team Computer Security Incident Response Responsibilities :

INCIDENT Information security professionals

Engineering representatives (system and

to sustain business operations while Key part : communication

Contact numbers for critical

the Disaster recovery plan (DRP) guides the actions of emergency

Disaster recovery refers specifically to restoring the information

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.