In this video, discover the structure of the team, including the different positions that you may wish to include.
- [Instructor] An incident response team consists of one or more team members, depending that you're responding to. Essentially, when the incident is first detected, the normal incident handling procedures are going to be followed. Based on your organization's incident handling procedures, of an incident and the severity of that incident, and then determine whether or not to activate the security incident response team. The incident response team is available to respond to any incident that meets the severity and priority thresholds that are set out by your incident response policy and plan. that your organization believes are needed, that I would recommend that you include. First, you need to have an incident response manager. This person is going to oversee and prioritize the actions that occur during the detection, analysis, and containment of an incident. This is a position that I have personally filled numerous times, and I can tell you, it's a difficult position for conveying information about the response into the role of being the public face in regards to the incident. analysts assigned, that way they can help work directly on the affected network and play the detective role in order to determine what happened up to this point. Security analysts may be assigned into two categories, although some analysts are able to work in both categories simultaneously when dealing with a smaller-scale incident. These two categories are the triage analyst, A triage analyst is assigned to work on the network during their incident response. They're going to help filter out false positives by properly configuring intrusion detection and prevention systems, as well as performing any new or potential intrusions during your response efforts. is focused on the detective work what actually occurred on the network. to build out a timeline of the events that occurred leading up to the incident itself. by providing threat intelligence and overall context during your incident response.
These specialists work to always remain as well as keeping up with previous incidents that have occurred in the past. I like to think of these folks as a combination of a futurist, in terms of guessing what the bad guys might do next, and a historian, since they know what the bad guys have done in the past too. or executive team, someone from Human Resources if you're dealing with an incident that involves corporate employees, an attorney or a lawyer in case against the perpetrator or needs to defend itself from liability. Maybe somebody from public relations if you expect media interest to occur because of this incident. Or maybe even some system administrators, network administrators, or database administrators, if your team will be responsible for the recovery back to normal operations as part of the overall response too. you really need for a certain incident, and then you can deputize additional support from across your organizational staff as you need during your incident response.