Best Practices Security Incident Response Program

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 18:46, 25 September 2006 by Mdpeters (talk | contribs)

Best Practices Security Incident Response Program Presentation


Presenter Notes
Prerequisites

General knowledge of incident response approaches
Basic understanding of intrusion detection systems (IDS)


Intended Audience

Information Security Staff
Network Administrators
Interested Executive and Business Unit Management


Preparation Instructions

Review speaker notes (included in the presentation)
Review existing reference material on this subject in the system:


Security Incident Response Team (SIRT) Development
Best Practices for Developing a Security Incident Response Team (SIRT)
Computer Forensics Today
Your Computer Forensic Toolkit
Building a Computer Forensics Laboratory


Key Points

Do Not Rely Solely on Technical Solutions (e.g., Firewalls, IDS, etc.)
Do Not Fool Yourself: Everyone and Every Place Is a Target
You Are Increasingly Responsible -- Legally, and by Government Regulation -- for Protecting Your Organization From Attacks
Do Not Expect That Technically Competent Staff Inherently Know How to Respond to Security Incidents
An Incident Response Capability Will Not Eliminate Incidents


Helpful Suggestions

Do make the point that advance coordination of responses to expected categories of incidents is an essential aspect of an effective defense.
Do stress that an Incident Response capability can often be established within the current organizational headcount, or with very limited headcount additions or organizational adjustments.
Do stress that developing an Incident Response capability must follow a structured regimen, but this does not necessarily mean a long period of downtime or training.


Do not use scare tactics; give an even-handed presentation of risks.
Do not give the impression technology is the only issue.


Presentation Structure

Introduction to Incident Response (IR) Fundamentals (Slides 1-9)
Key IR Processes and Interaction (Slides 10-11)
IR Roles and Program (Slides 12-13)
SIRT Critical Success Factors (Slides 14-17)
Security Components/Supporting Countermeasures and Operational Practices (Slides 18-19)
Building an IR Program and Procedure (Slides 20-21)
Incident Handling Phases (Slide 22)