Incident Response (OBJ 4.8)

Incident Response

• Systematic approach to managing and mitigating security incidents
• Goals
  • Minimize impact
  • Reduce detection and containment time
  • Facilitate recovery
• Key Steps
  • Detection
  • Classification
  • Containment
  • Eradication
  • Evidence preservation
  • Communication
  • Lessons learned

Study Topics

• Incident Response Process
  • Steps
    • Preparation
    • Detection
    • Analysis
    • Containment
    • Eradication
    • Recovery
    • Lessons Learned
• Threat Hunting
  • Proactive cybersecurity approach for continuous threat identification
  • Purpose
    • Identify hidden or emerging threats
• Root Cause Analysis
  • Systematic process to investigate incidents and identify underlying factors
  • Purpose
    • Understand the cause of security breaches or operational issues
• Incident Response Training and Testing
  • Methods
    • Tabletop Exercises
    • Simulations
    • Drills
    • Live Exercises
  • Purpose
    • Prepare personnel and systems for effective incident response
• Digital Forensic Procedures
  • Systematic techniques to gather, analyze, and preserve digital evidence
  • Purpose
    • Investigate cybercrimes or security incidents
• Data Collection Procedures
  • Established methods for gathering relevant information during incident response
  • Concept
    • Order of volatility (prioritizing data collection based on volatility)
• Disk Imaging and Analysis
  • Creating a bit-by-bit copy (image) of a storage device, examining content
  • Purpose
    • Recover data
    • Investigate incidents
    • Identify security issues