Ready for - Nearly Anything - Preparing Your Organisation for a Cyber Incident

Discover the essential components of effective cyber incident preparation in this 25-minute conference talk from Security BSides London. Learn about the five key elements cyber security teams should implement to enhance their incident response capabilities. Explore documented processes for decision-making, the importance of skilled personnel, proper log management, containment and eradication technologies, and coordination tools. Gain insights into the hierarchy of incident response processes, resource allocation, crucial roles, log storage best practices, and various containment strategies. Equip your organization with the knowledge to navigate the increasingly complex landscape of data protection laws and public scrutiny surrounding cyber incidents.

Introduction
Let's talk about cyber incidents
Five things to prepare for a cyber incident
Key processes for an incident response team
The hierarchy of incident response processes
Resourcing an incident response function
Roles required for incident response
What logs to store?
How long to store logs for?
Host-based containment and eradication
Network-based containment and eradication
Identity-based containment and eradication
Coordination technology
Any questions?