It's better to be informed and prepared for an incident or disaster than to be forced to react when the time comes. Being responsible for a network and for company or customer data puts an onus on you to know what to do when something goes wrong. My presentation is designed to make you aware of some of the technical debt that is incurred with technology, and of ways to plan for managing an incident when one comes up. This is pure blue team stuff: Incident Response and/or Disaster Recovery.

Outline:

Six Steps of Incident Management
  Step 1: Preparation
    1. NTP
    2. Policy
    3. Centralized Logging
    4. Identity Management
    5. System or Service Account Management
    6. Jump Bag
    7. Out-of-Band Communications
    8. Helpdesk
    9. Incident Response Team Issues
    10. Key Decisions to be Made
  Step 2: Identification
    1. Initial Determination
    2. Assignment
    3. Survey Identification Points
    4. Decision Time
  Step 3: Containment
    1. Characterize the Incident
    2. Notification
    3. Immediate Action
    4. Initial Data Collection
    5. Immediate Isolation
  Step 4: Eradication
    1. Root Cause Identification
    2. Determine Rootkit Potential
    3. Improve Defenses
    4. Vulnerability Analysis
  Step 5: Recovery
    1. Validation
    2. Restore Operations
    3. Implement Monitoring
  Step 6: Lessons Learned
    1. Management Satisfaction

Assessing the Impact of a Security Incident
  Assessing Impact
  Effects

Essential Paperwork
  Regulatory Mandates
  Chain of Custody/Evidence