10 Incident Response Preparation Questions
In my last video, I introduced you to incident response plans. Feel free to stop this video here and refer to that one for more information on the subject, but for now here is a quick summary. An incident response plan is a document that helps companies understand what they should do if a cybersecurity incident occurs.
When creating your own cybersecurity incident response plan, you should include the following phases:
1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons Learned
I’m sure you’re thinking, “Okay, thanks for that… but what exactly should I be asking or looking for when it comes to creating my plan?” Don’t worry, I’ve got your back! I’m going to go over some must-have incident response questions to ask, starting with the preparation phase.
The preparation phase is important because it ensures that systems, networks, and applications are secure even when there is no security incident actively unfolding. Think of this phase as being more prevention-based, while the rest of the phases are more suited for when an incident actually happens.
Still, this doesn’t mean the preparation phase isn’t as essential as the rest!
Here are a few questions you should ask yourself (and your incident response team) during this phase to help prepare you for future security threats:
1. How do we prioritize the protection of assets in case of a security incident?
2. What steps do we take to ensure that we train all of our employees on incident response protocols?
3. How do you establish communication channels with external entities before an incident occurs? (Note: external entities include law enforcement, incident response teams, and other stakeholders)
4. What tools do you use for ongoing monitoring of your systems for potential security incidents?
5. How often do you update your incident response plan to ensure it remains current and effective?
6. How do you test your incident response plan to ensure its effectiveness?
7. What is your approach to managing and maintaining incident response documentation and records?
8. What is your policy for managing incident response-related information, such as sensitive data or evidence?
9. How do you ensure that your incident response team is available and prepared to respond to a security incident at any time?
10. How do you handle incidents that cross geographical boundaries, such as incidents affecting remote workers or subsidiaries?
Remember, there is no such thing as a stupid question. Making sure your company’s assets and important information are safe takes teamwork and open communication. Thoroughly preparing by asking these questions will help your team develop better incident response planning, testing, and training.
#IncidentResponse #IncidentResponsePlan