YoVDO

Incident Response Planning

Offered By: LinkedIn Learning

Tags

Incident Response Courses, Cybersecurity Courses, Technical Analysis Courses

Course Description

Overview

Learn how to effectively create, provision, and operate a formal incident response capability within your organization.

Syllabus

Introduction
  • Overview
  • Why do you need a plan?
  • Lifecycle of an incident response
  • Review: Introduction
1. Incident Response Planning
  • Incident response planning
  • Events and incidents
  • Policy, plans, and procedures
  • Policy elements
  • Plan elements
  • Procedure elements
  • Review: Incident response planning
2. Incident Response Team
  • Incident response team
  • Incident response team structure
  • Types of teams
  • Selecting a team model
  • Team members
  • Leading a team
  • Organizational dependencies
  • Review: Incident response team
3. Communication
  • Communication
  • Coordinating your efforts
  • Internal information sharing
  • Business impact analysis
  • Technical analysis
  • External information sharing
  • Review: Communication
4. Preparation
  • Preparation
  • Communications and facilities
  • Hardware and software
  • Technical resources and information
  • Software resources
  • Incident prevention
  • Review: Preparation
5. Detection and Analysis
  • Detection and analysis
  • Attack vectors
  • Detecting an incident
  • Indicators of compromise
  • Conducting analysis
  • Documenting the incident
  • Prioritizing the incident
  • Notification procedures
  • Review: Detection and analysis
6. Containment, Eradication, and Recovery
  • Containment, eradication, and recovery
  • Containment strategy
  • Evidence collection and handling
  • Identifying the attacker
  • Eradication and recovery
  • Review: Containment, eradication, and recovery
7. Post-Incident Activity
  • Post-incident activity
  • Lessons learned
  • Metrics and measures
  • Evidence retention
  • Calculating the cost
  • Review: Post-incident activity
Conclusion
  • What to do next

Taught by

Jason Dion

Related Courses

  • Computer Security (Stanford University via Coursera)
  • Cryptography II (Stanford University via Coursera)
  • Malicious Software and its Underground Economy: Two Sides to Every Story (University of London International Programmes via Coursera)
  • Building an Information Risk Management Toolkit (University of Washington via Coursera)
  • Introduction to Cybersecurity (National Cybersecurity Institute at Excelsior College via Canvas Network)