First Responders Course - Session 2 - Incident Response Teams [2004]
Phil Huggins
February 2004
• Client Relationship
• Team Services
• Team Roles
• Team Types
• External Teams
• Team Management Preparation
• Initial Incident Team Meeting
• Ongoing Management Tasks
• Incident Response teams are customer service teams.
• Adversarial relationships with business units only lead to poor incident performance.
• Incidents are very high stress events for business managers. If their expectations are different from the team's then they will become adversarial.
• Set performance targets, let business units know what they are and measure them.
• Establish a protocol for team members when interacting with business unit staff.
• What capabilities is the team going to offer the business units?
• Extra services such as:
  • Auditing
  • Specific Platform Skills
  • Forensic Acquisition
  • Forensic Analysis
  • Post-Incident Support
• Team Manager and Logistics Officer
  • Administration and personnel management.
  • Usually reports to CSO.
  • Logistics and administrative support.
• Team Leader
  • Coordinator of an individual incident.
  • Able to make operational decisions in most cases.
• Senior Analyst
  • Experienced specialist incident responders.
  • Able to work independently of team leader for extended periods.
• Analyst
  • The incident responders
  • Not necessarily a dedicated resource
  • Strong technical skills (at least a power user)
• Equipment Maintainer
  • Maintains the availability of all Incident Response equipment.
  • Responsible for acquiring new equipment as required during an incident.
• Always more tasks than people to do them.
• Internal Distributed CSIRT
  • A loose collection of pre-identified system administrators who can be re-tasked at short notice to perform incident response duties.
  • Only works in organisations that are able to easily and successfully make and break teams on the fly.
  • Requires significant buy-in from business line managers; the incident team may need to overcome ‘tunnel vision’ as they are closer to the systems day to day.
• Internal Dedicated CSIRT
  • A dedicated team to provide nothing but security support to the business.
  • Generally better trained and with a higher availability. Can provide a more independent viewpoint on an incident.
  • Necessary for more formal organisations where crossing group boundaries is difficult and fraught.
• Corporate
  • Efficient use of resources, available corporate wide
  • Slower response times, political implications
• IT
  • Easy access to system staff as required
• Business Unit
  • Specialised, fast response, minimises downtime
  • Even when only high risk business units are served it becomes costly
• Hybrid
  • Centralise function for awareness, training and shared resources
  • Local teams to provide speed of response and specialist skills
• Public CSIRT
  • CERT/CC
  • JANET CERT
  • FIRST
  • Good first points of contact if incident involves systems owned by constituents.
• Commercial CERT Teams
  • Expensive
  • Good source of specialist knowledge / equipment
• Location
  • Where has the incident occurred?
• Situation
  • What has happened? Find out as much as possible. How did the incident come to light?
• Intelligence
  • Get as much detailed information as possible to enable you to make decisions and brief your team.
• Mission
  • What is the aim of this incident response?
• Execution
  • How are you going to achieve your aim? Follow the company standard incident response procedures.
  • Have an outline plan of action.
• Administration
  • What do you need to achieve your mission? Contact details of key people, etc.
• Operations including Security
  • What are the constraints?
  • Need-to-know basis. Do not make it company-wide gossip.
  • Who else should be informed – legal, HR, PR, senior management?
• Logistics
  • Do you need any specific items of kit or software to achieve your aim?
• When first establishing an Incident Response team the Team Leader and Team Manager need information.
• The initial team meeting will either:
  • collate the information you need to plan the response
  • identify who is going to gather and analyse that information for you
• Who are the key players?
  • Sponsor, stakeholders, external suppliers
• What are the constraints?
• Roles?
  • Explain what everyone will contribute and their responsibilities
  • Make it clear that teamwork is vital for success
• Do the company incident response procedures detail who to call upon?
  • If not, identify skills, knowledge and experience required
  • Identify who is required and for how long
  • Are they available full-time or part-time?
• Keep the team focused, deal with distractions
• Keep your team informed of progress and what is happening
• Remember: the incident could well be fast moving and this could impact the members of the team, who may never have worked as a team in such conditions

 
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
 

First Responders Course - Session 2 - Incident Response Teams [2004]

  • 2.
      • Client Relationship
      • Team Services
      • Team Roles
      • Team Types
      • External Teams
      • Team Management Preparation
      • Initial Incident Team Meeting
      • Ongoing Management Tasks
  • 3.
      • Incident Response teams are customer service teams.
      • Adversarial relationships with business units only lead to poor incident performance.
      • Incidents are very high stress events for business managers. If their expectations differ from the team's, they will become adversarial.
      • Set performance targets, let business units know what they are and measure them.
      • Establish a protocol for team members when interacting with business unit staff.
  • 4.
      • What capabilities is the team going to offer the business units?
      • Extra services such as:
          • Auditing
          • Specific Platform Skills
          • Forensic Acquisition
          • Forensic Analysis
          • Post-Incident Support
  • 5.
      • Team Manager and Logistics Officer
          • Administration and personnel management.
          • Usually reports to CSO.
          • Logistics and administrative support.
      • Team Leader
          • Coordinator of an individual incident.
          • Able to make operational decisions in most cases.
      • Senior Analyst
          • Experienced specialist incident responders.
          • Able to work independently of team leader for extended periods.
      • Analyst
          • The incident responders
          • Not necessarily a dedicated resource
          • Strong technical skills (at least a power user)
      • Equipment Maintainer
          • Maintains the availability of all Incident Response equipment.
          • Responsible for acquiring new equipment as required during an incident.
  • 6.
      • Always more tasks than people to do them.
      • Internal Distributed CSIRT
          • A loose collection of pre-identified system administrators who can be re-tasked at short notice to perform incident response duties.
          • Only works in organisations that are able to easily and successfully make and break teams on the fly.
          • Requires significant buy-in from business line managers; the incident team may need to overcome ‘tunnel vision’ as they are closer to the systems day to day.
      • Internal Dedicated CSIRT
          • A dedicated team to provide nothing but security support to the business.
          • Generally better trained and with a higher availability. Can provide a more independent viewpoint on an incident.
          • Necessary for more formal organisations where crossing group boundaries is difficult and fraught.
  • 7.
      • Corporate
          • Efficient use of resources, available corporate wide
          • Slower response times, political implications
      • IT
          • Easy access to system staff as required
      • Business Unit
          • Specialised, fast response, minimises downtime
          • Even when only high risk business units are served it becomes costly
      • Hybrid
          • Centralise function for awareness, training and shared resources
          • Local teams to provide speed of response and specialist skills
  • 8.
      • Public CSIRT
          • CERT/CC
          • JANET CERT
          • FIRST
          • Good first points of contact if incident involves systems owned by constituents.
      • Commercial CERT Teams
          • Expensive
          • Good source of specialist knowledge / equipment
  • 9.
      • Location
          • Where has the incident occurred?
      • Situation
          • What has happened? Find out as much as possible. How did the incident come to light?
      • Intelligence
          • Get as much detailed information as possible to enable you to make decisions and brief your team
      • Mission
          • What is the aim of this incident response?
      • Execution
          • How are you going to achieve your aim? Follow the company standard incident response procedures
          • Have an outline plan of action.
      • Administration
          • What do you need to achieve your mission? Contact details of key people etc.
      • Operations including Security
          • What are the constraints?
          • Need-to-know basis. Do not make it company-wide gossip
          • Who else should be informed – legal, HR, PR, senior management
      • Logistics
          • Do you need any specific items of kit or software to achieve your aim?
  • 10.
      • When first establishing an Incident Response team the Team Leader and Team Manager need information.
      • The initial team meeting will either:
          • collate the information you need to plan the response
          • identify who is going to gather and analyse that information for you
  • 11.
      • Who are the key players?
          • Sponsor, stakeholders, external suppliers
      • What are the constraints?
      • Roles?
          • Explain what everyone will contribute and their responsibilities
          • Make it clear that teamwork is vital for success
      • Do the company incident response procedures detail who to call upon?
          • If not, identify skills, knowledge and experience required
          • Identify who is required and for how long
          • Are they available full-time or part-time?
  • 12.
      • Keep the team focused, deal with distractions
      • Keep your team informed of progress and what is happening
      • Remember: the incident could well be fast moving and this could impact the members of the team, who may never have worked as a team in such conditions