Comprehensive Incident Management
Speaker:
Peter Stephenson
Associate Program Director
Norwich University
Presentation Overview:
Digital incident management is one of the most difficult tasks facing information assurance professionals today. The notion of responding to a digital incident begs several questions: What is the primary purpose of the response? What are appropriate pre- and post-response activities? Who should coordinate the response? What is the nature of the response team? Should you include outside help? If so, who? This seminar tackles the problem of incident management and response with a formalized approach based on pre-planning and structured execution. We will explore the problem of digital incident response, planning for incidents, developing a response team, containment of incidents, preparing for post-incident root cause investigation and responding to legal and regulatory requirements. Throughout the two days, attendees will interact with colleagues in teams to produce incident response plans, address legal issues and prepare for an incident. At the end of the two-day session, the teams will respond to mock incidents and present their results to the rest of the class.
Time-Based Objectives:
Day One
- The incident environment
- Case studies of recent major incidents
- Types of incidents, in detail, including: penetration, virus, denial of service
- How to identify incidents rapidly and isolate the damage
- Planning for the inevitable
- Team exercise: building a response plan
- Developing and training a response team
- Working with outside resources
Day Two
- Types of incident responses
- Tools for response management
- Preparing for post-incident root cause investigation and analysis
- Team exercise: responding to a mock incident
- Team exercise: analyzing root cause
- Addressing legal and regulatory requirements
- Team exercise: mapping an incident response and root cause investigation onto regulatory requirements
Key Take-Aways:
- A thorough knowledge of the incident response process developed through hands-on interaction
- Paper on post-incident root cause investigation techniques
- List of incident response Web sites and organizations
- List for further reading on incident response and types of digital incidents
- Work papers from group exercises
- CD with the PowerPoint presentations including the mock incident tabletop exercises for use in your organization
Prerequisites:
- Basic understanding of information assurance, risk and regulatory requirements within the attendee’s domain
- Basic understanding of the Internet and enterprise network principles