Build the Capability to Detect, Triage, and Respond
Offered By: YouTube
Course Description
Overview
Explore a comprehensive 46-minute conference talk from BSides Tampa 2017 that delves into building capabilities for detecting, triaging, and responding to security incidents. Learn about defining roles and functions, handling known malware samples, enforcing business rules through policies and standards, and implementing effective collection methods. Test your knowledge with incident scoring techniques and understand the logic behind identifying Events of Interest (EOI) for triage. Discover the importance of planning for response and how to prepare for potential failures, emphasizing that learning from mistakes strengthens your security posture. Gain valuable insights into the iterative process of improving incident response capabilities in this informative presentation.
Syllabus
Have Fun Defining Roles and Functions
The Easy Stuff: Known Malware Samples (Infected Machines)
Enforce Business Rules - Policy and Standards
Collection
Test Your Knowledge
Incident Scoring: Know Your Logic
Event of Interest (EOI) Triage
Planning → Response
Be Prepared to Fail, Fail, and Fail Again: What Doesn't Get You Fired Makes You Stronger