This article discusses what lies ahead for those involved in incident response. It states some obvious facts: incident response products and services are being seen more and more, and attacks are becoming much more sophisticated. Another problem is that companies underinvest in their data protection and detection department. The article goes on to say that for IR plans to work, they need to follow some kind of framework, which it says should be modeled on something similar to OODA (Observe, Orient, Decide, and Act).
Incident Response
In this article, NIST outlines the steps you need to take for coordinated cyber incident response. It starts by telling organizations to take inventory of the information they currently possess, the information they can produce, and how it can be shared. The article goes on to say that organizations should start to think like a hacker, so to speak, when dealing with a cyber attack, to better understand it and better recover from it. The draft is available for download via a link at the bottom of the article. http://www.fiercegovernmentit.com/story/nist-outlines-steps-coordinated-cyber-incident-response/2014-11-05
CBTS has just announced that its Advanced Cyber Security division has earned the NSA Cyber Incident Response Assistance (CIRA) certification. This certification proves that the company has the state-of-the-art capabilities needed for rapid cyber security support to high-level government agencies. Although the certification is geared more toward government agencies, it exemplifies the team's ability to provide the best incident response services to all business sectors. This is great news for CBTS, and the company is worth looking into for a potential career. http://www.gsnmagazine.com/node/42835?c=cyber_security
This article, written by Dr. Claudia Johnson, breaks down how an Incident Response plan should be done. She says to think of an IR plan as a fire drill. The first step is detection, and ensuring proper processes are put in place to detect an incident. Along with that, you need to have evidence: log files, as well as any other evidence, need to be properly maintained for follow-up purposes. She goes on to say that you need to figure out the Who, the What, and the Where, as they are the "meat and potatoes" of an IR plan. Service Level Agreements are an absolute must in any IR plan as well. Diagnostics, Mitigation, Resolution, and System Restoration are the other steps she says are crucial in an IR plan, along with ways to improve. These ways include: practice, review the plan regularly, document and preach, review major incidents after they have occurred, and ticketing systems. Last but not least, Disclosure needs to be conducted to alert pertinent individuals that such an incident has occurred (cough Chase Bank cough).
This article really puts into perspective how important it is for any business to have a competent CSIRT team. The article begins by stating how many companies have had their reputation damaged due to recent attacks (Chase, Target, Home Depot, Apple, Sony, etc.). The article explains how a CSIRT team should be constructed by selecting experienced and certified individuals, as well as disaster recovery specialists to aid in handling the aftermath of an incident. Bottom line, CSIRTs are paramount in an organization, now more than ever, as large organizations are being targeted left and right.
This article talks about key parts of a Disaster Recovery plan that are often overlooked. Some of the parts the article covers are key applications like human resources, payroll, and customer relations. Those are all highly important parts of a DR plan to ensure your company can stay up and running if it needs to move to a temporary location as part of recovering from a disaster. Hardware is also an important part of a DR plan, as the article points out. Certain hardware may be necessary to provide email and/or cloud services, which is why it also needs to be included in a DR plan.