Incident response training
Incident Response (IR) is a life cycle management that must be tracked from the inception of an incident. When an incident is discovered, we must register, analyze, contain, mitigate, recover, and review for the life of the incident. These incidents are collected in a Configuration Management Database (CMDB) as part of the organization’s continuous monitoring effort. Each phase of these IR life cycles can repeat based on the incident behavior and status. The IR processes are integrated with the security operations center (SOC) and Network Operations Center (NOC) activities that may require a collaborative effort between the SOC, NOC, IR, and the Helpdesk. Organizations can fully integrate a top-down approach as follows:
Planning and Preparation includes policy review of development; training for employees; training for IT staff, cyber and casualty insurance review and evaluation; legal and regulatory compliance review (for laws and regulations that mandate incident response services); network mapping and validation; information security assessment services; electronic discovery readiness review; ongoing monitoring for breaches; crisis communications training and support.
Management includes crisis management or support services; crisis communications services; information security regulatory compliance services; privacy impact review during incident; inside and outside counsel coordination; vendor and supplier coordination; incident response escalation.
Support includes consumer mitigation services (credit repair services, credit freeze, credit reporting services; data breach remediation and repair; electronic discovery and documents review; data breach notification services; SEC disclosure support; regulatory reporting support; international coordination support; privacy and financial impact assessment.
Post-incident operations include post-incident forensic services; physical security, cyber insurance claims coordination and presentation; validation and certification services; litigation support services; expert witness services; privacy consulting and chief privacy officer services during or post incident; disaster recovery and business continuation planning; cloud based or outsourced data backup or recovery.
Investigation activities throughout the incident response life cycle include digital investigative services, computer forensic investigation, CERT/ISAC coordination, forensic data recovery, analysis of forensically obtained data, computer security consulting services, coordination with law enforcement and regulatory agencies in connection with incidents, forensic data storage and evaluation (large scale data analysis), network log data collection and review, discovery and litigation assistance for investigation, encase deployment.