Certified Information Security Manager
Firebrand Custom Designed Courseware
2016 Firebrand
5/6/2016
Chapter 4: Information Security Incident Management
Exam Relevance (approximately 36 questions)
- Incident response
- Malicious code
- Surveillance, espionage
- Social engineering
- Fraud
ISACA CISM Review Manual Page 236
What is an Incident - Unintentional
- Equipment failure
- Software bugs
- Deletion of files
- Weather-related issues
ISACA CISM Review Manual Page 236
Incident Response Team Members
Personnel
An Incident Response Team usually consists of:
- Permanent/dedicated team members
- Specialized skills: forensics, audit, communications, legal
- Representation from key departments: Operations, IT, HR, Finance, Security, Executive, etc.
- Virtual/temporary team members
- External experts
ISACA CISM Review Manual Page 237
Personnel cont.
Personal skills:
- Communication
- Presentation skills
- Ability to follow policies and procedures
- Team skills
- Integrity
- Confidence
- Problem solving
- Time management
ISACA CISM Review Manual Page 238
Skills cont.
- Self-assessment
Incident Management and Response
The incident management and response structure should include:
- Incident response planning
- Business continuity planning
- Disaster recovery planning
- Recovery of IT systems
Incident Management and Response cont.
Plans must be:
- Clearly documented
- Readily accessible
- Based on the long-range IT plan
- Consistent with the overall business continuity and security strategies
Incident Management and Response cont.
Importance of Incident Management and Response
- Triage
- Containment, recovery
- Analysis
- Root cause, lessons learned
Detailed Plan of Action for Incident Management
Prepare/improve/sustain (prepare) phase:
- Coordinate planning and design.
- Identify incident management requirements.
- Establish vision and mission.
- Obtain funding and sponsorship.
- Develop implementation plan.
- Coordinate implementation.
ISACA CISM Review Manual Page 242
Detailed Plan of Action for Incident Management - Prepare cont.
- Triage
- Technical response:
  - Collecting data for further analysis
  - Analyzing incident-supporting information such as log files
  - Technical mitigation strategies and recovery options
  - Development and deployment of response workarounds
- Management response
- Legal response

One of the greatest challenges in a crisis is effective communications.
Internal:
- Staff, management, business units
External:
- Business partners
- Shareholders
- General public
- Government and regulatory bodies
- Law enforcement
When an Incident Occurs
If an incident occurs, the initial response to an incident should include:
- Retrieving information needed to confirm an incident
- Determining whether the event is a false positive or real
- Notifying the incident manager and activating incident response teams
ISACA CISM Review Manual Page 258
During an Incident cont.
During an incident it is critically important to contain the crisis and attempt to minimize the amount of damage that occurs.
- Network isolation and segmentation
- Fire doors and fire suppression
- Fail secure
- Multiple suppliers
- Multiple facilities
- Cross-trained staff
ISACA CISM Review Manual Page 258
The Battle Box
Evidence Identification and Preservation
Disaster Recovery Planning (DRP) and Business Recovery Processes
Factors to consider when developing response and recovery plans include:
- Available resources
- Expected service levels
- Types, kinds, and severity of threats faced by the organization
ISACA CISM Review Manual Page 250
Recovery Strategies
The plan should include a call tree with a prioritized list of contacts:
- Representatives of equipment and software vendors
- Contacts within companies that have been designated to provide supplies and equipment or services
- Contacts at recovery facilities, including hot-site representatives or predefined network communications rerouting services
ISACA CISM Review Manual Page 253
Notification Requirements cont.
to:
- Measure the overall performance of operational and information systems related to maintaining the business entity