Security Planning Susan Lincke Planning for
Author : aaron | Published Date : 2025-05-28
Description: Security Planning Susan Lincke Planning for Incident Response Objectives Students should be able to Define and describe an incident response plan and business continuity plan Describe incident management team incident response team
Transcript: Security Planning Susan Lincke Planning for:
Security Planning
Susan Lincke
Planning for Incident Response

Objectives
Students should be able to:
Define and describe an incident response plan and business continuity plan.
Describe incident management team, incident response team, proactive detection, triage.
Define and describe computer forensics: authenticity, continuity, forensic copy, chain of custody, root cause.
Define external test, internal test, blind test, double blind test, targeted test.
Develop a high-level incident response plan.
Describe steps to obtain computer forensic information during an investigation.
Describe general capabilities of a forensic tool.
Describe steps to copy a disk.
Define discovery, e-discovery, deposition, declaration, affidavit, fact witness, expert consultant, expert witness.

How to React to…?
Viruses, Denial of Service, Hacker Intrusion, Accidents, System Failure, Theft of Proprietary Information, Social Engineering, Lost Backup Tape, Stolen Laptop

Ransom!
Criminal: Stolen data: financial, point of sale, medical; regulation & liability
Espionage: Stolen engineering or marketing plans, trade secrets; stolen government data
Warfare: Denial of service; destruction
Business Impact

Incident Response vs. Business Continuity
Incident Response Planning (IRP): Security-related threats to systems, networks & data; data confidentiality; non-repudiable transactions
Business Continuity Planning: Disaster Recovery Plan; Continuity of Business Operations
BCP and can be the first step for Incident Response
NIST SP 800-61 defines an incident as “a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.”

Incident Response Costs: IBM 2022 Cost of a Data Breach Report
IBM’s statistics on breaches indicate the global average cost per breach is $4.87 million when the lifecycle exceeds 200 days, and $3.61 million otherwise [IBM21].
The total data breach cost is reduced if an organization has:
an incident response team and performs testing (reduces by: $2.46 million),
a strong emphasis on regulatory compliance ($2.3 million),
a mature implementation of zero trust ($1.76 million),
a high standard of encryption ($1.25 million), and
security automation ($3.81 million), which reduces time to find and contain an incident.
Use of artificial intelligence, and security analytics.
Factors raising the cost of a breach (> $5 million average) include: a high level of cloud migration, a large majority (81-100%) of employees working remotely; also caused delay in discovering and containing a breach.
The IBM’s Cost of Data Breach 2021

Review: Business Continuity Recovery Terms
Interruption Window: Time duration organization can wait between point of failure and Alternate Mode startup.
Service Delivery Objective (SDO): Level of service in Alternate Mode
Maximum Tolerable Outage: Max time allowed