
General's Security Spot Blog

December 2021 Blog

E+R=O, Event + Response = Outcome
In Cyber Security, like in life, things happen, and no matter the event, our response dictates the outcome.

Today we are going to discuss Cyber Security Incident Response, but more importantly, we are going to focus on how to effect a positive change in the outcome.

The NIST Cyber Security Incident Response Steps are as follows:

  1. Preparation
  2. Identification
  3. Containment, Eradication, & Recovery
  4. Post-incident activity

Preparation Step:
An ounce of prevention is worth a pound of cure ~ Benjamin Franklin

So let’s start at the beginning: preparation for the event. When preparing for incidents, some great questions to ask are: What am I required to do? What am I responsible for, or what is my role in the process? What do I need to know to fulfill my responsibility in that role? Who can help me, and who should I notify in case something does happen? Here is a list to get you started.

  • Regulations, Security/system policies, and SOPs
    • Regulations and Security/system policies outline the items you MUST do, and SOPs define HOW you do them. When in doubt, ask your supervisor or team members for guidance.
  • Incident response team procedures/processes
    • Leaders should define the team’s purpose and assign roles that outline team members’ duties. With your duties defined, you can create SOPs on how to fulfill your tasks based on your purpose and role.
  • Incident Response team training
    • Training must be conducted for essential tasks and for the tools necessary to complete the job. Also, technology and tactics evolve, so leadership must be prepared to adapt the training plan to the current environment.
  • Lines of communication (Local leadership, SOC, DIR)
    • Once things happen, people need to be informed. A structured notification plan will identify whom to contact based on the criticality of the incident. Other helpful contacts are vendor numbers, TAC, and organization partners for technical assistance.

This list is not the end-all, be-all of incident response preparation items. Consider your organization’s mission and adapt your process to fit the need. Remember, we don’t rise to the moment; we rise to the level of our preparation and training.