Best Practices Security Incident Response Program Presentation
Presenter Notes
Prerequisites
- General knowledge of incident response approaches
- Basic understanding of intrusion detection systems (IDS)
Intended Audience
- Information Security Staff
- Network Administrators
- Interested Executive and Business Unit Management
Preparation Instructions
- Review speaker notes (included in the presentation)
- Review existing reference material on this subject in the system:
- Security Incident Response Team (SIRT) Development
- Best Practices for Developing a Security Incident Response Team (SIRT)
- Computer Forensics Today
- Your Computer Forensic Toolkit
- Building a Computer Forensics Laboratory
Key Points
- Do Not Rely Solely on Technical Solutions (e.g., Firewalls, IDS, etc.)
- Do Not Fool Yourself: Everyone and Every Place Is a Target
- You Are Increasingly Responsible -- Legally, and by Government Regulation -- for Protecting Your Organization From Attacks
- Do Not Expect That Technically Competent Staff Inherently Know How to Respond to Security Incidents
- An Incident Response capability will not eliminate incidents.
Helpful Suggestions
- Do make the point that advance coordination of responses to expected categories of incidents is an essential aspect of an effective defense.
- Do stress that an Incident Response capability often can be established within the current organizational headcount, or with very limited headcount additions or organizational adjustments.
- Do stress that development of an Incident Response capability must follow a structured regimen but does not necessarily equate to a long period of down time or training.
- Do not use scare tactics; give an even-handed presentation of risks.
- Do not give the impression technology is the only issue.
Presentation Structure
- Introduction to Incident Response (IR) Fundamentals (Slides 1-9)
- Key IR Processes and Interaction (Slides 10-11)
- IR Roles and Program (Slides 12-13)
- SIRT Critical Success Factors (Slides 14-17)
- Security Components/Supporting Countermeasures and Operational Practices (Slides 18-19)
- Building an IR Program and Procedure (Slides 20-21)
- Incident Handling Phases (Slide 22)