up

2020-01-28- whatwhat

• BC
• DR
• and IR

Move reflections from CPA3 to content notes.

IR is what you do while an event is happening. How to cope with security events.

NIST IR Framework

• Prep
• Detection and Analysis (Identification)
• Containment, Eradication, and Recovery
• Post-incident activity

IR Policy

• Statement of commitment
• objectives
• scope
• incident definition
• R&R matrix
• Severity matrix
• Reporting and Contact information

Plan and policy are related but not the same

CSIRT := Computer Security Incident Response Team

IR Response Strategy

• Create new sheet in case study risk analysis doc
  • IS Incident Desc
  • Likelihood
  • Impact
  • Mitigation Cost
  • Risk Score
• Brainstorm incidents that would affect the case study

IR Plan

• Create new doc in case study folder
• Create headings
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Lessons Learned

It appears the case study is a mirror of what we will need to do on our own

• Define
  • Term Incident
  • Severity Scheme
  • Incident Categories
  • Complete table:
    • Incident Category
    • IS Incident Description
    • Severity
    • Severity Description

Containment

• Create table: R&R for taking system down

Eradication

• identify who is responsible for identifying impacted systems
• Identify the who is responsible for repairing impacted systems

Reflection

• What did you learn about impact analysis and/or about evaluating risk in today’s class?
• What were your challenges when trying to complete the class activities?
  • categories
• Do you have any outstanding questions about these topics?