Preparing for Failure - Best Practice for Incident Response

Post on 08-May-2015


DESCRIPTION

An overview of the steps you should consider when setting up your incident response function.

TRANSCRIPT

Helping You Piece IT Together

http://www.bhconsulting.ie info@bhconsulting.ie

Preparing for Failure - What to do When Your Security is Breached

Infosec Professional Certainties

Why Care About Information Security?

Typical IT Security

But …

Controls Will be Bypassed

Traditional Incident Response

Ad hoc & Unplanned

Deal with it as it happens

Prolonged Recovery Times

Damage to Company

Lack of Metrics

Legal Issues

Bad Guys/Gals Getting Away

You In Line Of Fire

Why Improve Incident Response?

Establish Team

Information Security

Operations

Human Resources

Legal

Public Relations

Facilities Management

Set up Alerting Mechanisms

Identify Tools

Don’t Forget

Standard Operating Procedures

Agree Authority of IRT

Establish External Relationships

Practice Makes Perfect

Review & Measure

Continuous Improvement

Develop IR Policy

Create IRT

Develop SOPs

Test

Update

Disclosure ??

Considerations

More information

CSIRT Handbook
http://www.cert.org/archive/pdf/csirt-handbook.pdf

Forming an Incident Response Team
http://www.auscert.org.au/render.html?it=2252

Incident Response White Paper – BH Consulting

http://www.bhconsulting.ie/Incident%20Response%20White%20Paper.pdf

RFC 2350: Expectations for Computer Security Incident Response
http://www.rfc-archive.org/getrfc.php?rfc=2350

Organisational Models for Computer Security Incident Response Teams

http://www.cert.org/archive/pdf/03hb001.pdf

The SANS Institute's Reading Room
http://www.sans.org/reading_room

More Resources

Guidelines for Evidence Collection and Archiving (RFC 3227)

http://www.ietf.org/rfc/rfc3227.txt

Resources for Computer Security Incident Response Teams (CSIRTs)

http://www.cert.org/csirts/resources.html

RFC 2196: Site Security Handbook
http://www.faqs.org/rfcs/rfc2196.html

ENISA Step by Step Guide for Setting up CERTs
http://enisa.europa.eu/doc/pdf/deliverables/enisa_csirt_setting_up_guide.pdf

CSIRT Case Classification (Example for Enterprise CSIRT)
http://www.first.org/resources/guides/csirt_case_classification.html

Questions

Brian.honan@bhconsulting.ie
www.bhconsulting.ie

www.twitter.com/brianhonan
www.bhconsulting.ie/securitywatch

Tel: +353 1 4404065
