Preventing and Responding to Incidents

Incident Response Plan Phases

  • Preparing for incidents

  • Identify the occurrence of an incident

  • Containing the incident

  • Treat the incident

  • Recover from the incident

  • Post-incident review

  • Three things you need to have in place to prepare

    • Business Continuity Plan

    • Disaster Recovery Plan

    • Incident Response Plan

Incident Response Steps

  • Detection

    • IDS/IPS

    • Antivirus

    • Scans of audit logs

    • End users report irregular activity

  • Response

  • Mitigation

  • Reporting

  • Recovery

  • Remediation

  • Lessons Learned

Reference Material
