In this video, learn about the different elements of a policy, including a statement of commitment, purpose, objectives, scope, definitions, roles and responsibilities, prioritization, performance measures, and reporting.
This includes the statement of commitment, the purpose, … the performance measures and the reporting requirements. … Let's take a look at each of these elements. … This essentially states under whose authority this document … is being published and the level of executive commitment … that's being placed behind it. … It's often common for this policy to be released … by somebody in the C-suite, … such as the chief executive officer, … or the chief operating officer. … By having the statement of commitment, … it lets employees know that the top management cares … The next element of the policy is purpose. … why you're writing the policy to begin with. … For example, your purpose might state, this document defines … the policy for addressing security incidents … through appropriate and organized … incident response procedures. … Next, we have the objectives. … The objectives will define what we're trying to achieve … by implementing this policy. … This goes a bit deeper into your why, than the purpose did. …
Author
Jason Dion
Released
6/21/2019- Differences between events and incidents
- Elements of policies, plans, and procedures
- The structure of the incident response team
- Selecting a team model
- Leading a team during an incident
- Internal information sharing
- Incident prevention
- Detection and analysis
- Containment, eradication, and recovery
- Calculating the cost of an incident
Skill Level Beginner
Duration
Views
-
Introduction
-
The need for a plan2m 34s
-
1. Incident Response Planning
-
Events and incidents4m 56s
-
Elements of a policy6m 12s
-
Elements of a plan5m 13s
-
Elements of a procedure3m 42s
-
-
2. Incident Response Team
-
Different team models6m 46s
-
Selecting a team model6m 3s
-
Incident response personnel5m 13s
-
Organizational dependencies6m 23s
-
3. Communication
-
Coordinating your efforts3m 58s
-
Internal information sharing3m 33s
-
Business impact analysis1m 48s
-
Technical analysis4m 4s
-
External information sharing3m 57s
-
-
4. Preparation
-
Preparation2m 14s
-
Hardware and software4m 22s
-
Software resources2m 56s
-
Incident prevention6m 34s
-
-
5. Detection and Analysis
-
Attack vectors5m 18s
-
Detecting an incident4m 25s
-
Indicators of compromise3m 50s
-
Conducting analysis5m 30s
-
Documenting the incident3m 21s
-
Prioritizing the incident5m 28s
-
Notification procedures2m 11s
-
-
6. Containment, Eradication, and Recovery
-
Containment strategies6m 29s
-
Identifying the attacker3m 4s
-
Eradication and recovery4m 54s
-
-
7. Post-Incident Activity
-
Lessons learned3m 48s
-
Metrics and measures3m 15s
-
Retaining the evidence2m 9s
-
Calculating the cost2m 10s
-
-
Conclusion
-
What to do next2m 17s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Elements of a policy