In this video, discover the need for an organization to create an incident response plan, including the financial benefits and the resulting speed of recovery that occurs from a well thought out plan.
- [Instructor] You need an incident response plan. It's really as simple as that, but let's discuss why for just a moment here. Depending on your organization, you may be required to have an incident response plan. For example, if you happen to work for a federal government agency, your organization is required to develop and establish both an incident response plan and an incident response capability under the provisions of the Federal Information Security Management Act, also known as FISMA. So if you work for the federal government, there really is no way around this. According to congressional law, you must have an incident response plan.
But what if you work in the commercial sector? Do you need to have an incident response plan? Well, you should, but you're not necessarily legally obligated to have one. With that said, it's considered a best practice in the industry to have an incident response plan because it's much more effective and less costly to prevent problems instead of reacting to problems. Unfortunately, these days it's really not a matter of if an incident is going to happen within your organization. It's more a matter of when.
Incidents can be caused by many different things, including external or removable media being inserted into your workstation, phishing, spear phishing, or whaling attacks, web-based applications with embedded malware in them, brute force attacks and denial of service, improper usage by authorized employees, or the loss or theft of equipment. There are also many other factors that don't fit cleanly into one of these categories that also could cause an incident for you. These days, it seems you can't even turn on the news or scroll your favorite social media site without hearing about the latest data breach that's happened. In 2018 alone, over 4.5 billion users were affected by data breaches and cyber attacks, and the trend isn't slowing down any time soon.
Now, the number of data breaches has been declining slightly, but the cost to clean up these data breaches and the amount of data being lost has been skyrocketing. Because of all of this, it's imperative that your organization develop a well thought out incident response plan on how you're going to handle an incident. This plan will document your organization's preplanned responses and your capabilities for working with other outside parties before, during, and after an incident. This might include outside contractors like incident response teams, law enforcement, the press, your suppliers, your partners, and of course the victims. There are a lot of moving parts. And if you already have a process and a plan in place, it makes this chaotic and stressful time just a little less hectic and a lot more effective.
- Differences between events and incidents
- Elements of policies, plans, and procedures
- The structure of the incident response team
- Selecting a team model
- Leading a team during an incident
- Internal information sharing
- Incident prevention
- Detection and analysis
- Containment, eradication, and recovery
- Calculating the cost of an incident