Where security personnel determine the priority, scope, and root cause of an incident.

One important preparation item is to enable NTP or another method to keep host clocks synchronized, so that events can be correlated and forensic analysis uses a consistent time.

Preparation checklist:

- What are some external entities that might be part of an incident response team (S-6, S-3, SJA, CI, etc.)?
- Policies and procedures: know these for the places you may go to.
- Network diagrams: obtain them from the sites you might go to, if you are able.
- Standard operating procedures: review the SOPs you will use while on an incident.
- Documentation: the team knows the TTPs it will be using during the IR.
- Training: team members know the tools they use and their job roles.
- Ensure all tools are updated (you don't want to show up to a site and have to update your tools on a compromised network).
- Have a packing list for every team member so everyone brings everything they need (you don't want to have to call back or make impact purchases while on an IR mission).
- Ensure that tools and procedures for incident response have been selected and documented.

Ensure you have the appropriate response plans, policies, call trees and other documents in place, and that you have identified and trained the members of your incident response team, including external entities. This step happens before an incident occurs.
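As an added illustration of why the clock-synchronization item matters (this example is not from the original post), the Python below merges log lines from two hosts into one timeline after correcting a clock offset measured against a trusted reference. The hosts, events and the 90-second skew are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample events: (host, timestamp as written by that host, message).
# web01 is NTP-synced; db01 was not, and its clock runs 90 seconds fast.
RAW_EVENTS = [
    ("web01", "2024-05-01T10:00:05Z", "outbound connection to db01:5432"),
    ("web01", "2024-05-01T10:00:10Z", "HTTP 500 on /api/export"),
    ("db01",  "2024-05-01T10:01:36Z", "accepted connection from web01"),
    ("db01",  "2024-05-01T10:01:38Z", "query: SELECT * FROM users"),
]

def parse_ts(ts):
    """Parse the ISO-8601 UTC timestamps used in the constructed logs."""
    return datetime.strptime(ts, TS_FMT).replace(tzinfo=timezone.utc)

def measure_offset(host_clock, reference_clock):
    """Seconds the host clock is ahead of a trusted reference (an NTP server or
    the team's synced jump-kit laptop). Negative means the host is behind."""
    return (parse_ts(host_clock) - parse_ts(reference_clock)).total_seconds()

def timeline(events, offsets):
    """Merge events from all hosts into one list ordered by corrected time.
    offsets maps host -> measured offset in seconds; hosts missing from the
    map are assumed to be in sync (offset 0)."""
    corrected = []
    for host, ts, msg in events:
        true_time = parse_ts(ts) - timedelta(seconds=offsets.get(host, 0.0))
        corrected.append((true_time, host, msg))
    corrected.sort(key=lambda e: e[0])
    return [(t.strftime("%H:%M:%S"), host, msg) for t, host, msg in corrected]

if __name__ == "__main__":
    # Offset sampled on-site: db01 reported 10:01:30 when the reference read 10:00:00.
    skew = measure_offset("2024-05-01T10:01:30Z", "2024-05-01T10:00:00Z")
    print("uncorrected (HTTP 500 appears before the DB ever saw the connection):")
    for row in timeline(RAW_EVENTS, {}):
        print("  ", *row)
    print("corrected with db01 offset of %.0fs:" % skew)
    for row in timeline(RAW_EVENTS, {"db01": skew}):
        print("  ", *row)
```

Without the correction the web server's error appears a minute and a half before the database activity it was caused by; with it, the four events fall into a five-second causal chain.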