The incident response workshop is a combination of lecture, seminar, and workshop. Active participation is expected from all course attendees.
A Response Management Framework is introduced that reflects and complements NIST documentation on Incident Response. The NIST Risk Management Framework is used to develop incident impact assessment techniques, to set appropriate incident priorities, and to establish appropriate strategies for incident response, escalation, and notification. A set of six typical and representative incident types, selected by the class, is used to examine and apply the framework. High-profile incidents are used as examples.
| DAY 1 – First Pass: Incident Response – The Overview | DAY 2 – Second Pass: Incident Response – The Details |
|---|---|
| 1. Introduction | 8. Risk Management & Incident Response |
| 2. Incident Response Plan | 9. Insider Threats |
| 3. Response Management – A General Framework | 10. Response Team & Actions, Revisited |
| 4. Incident Types & Categories | 11. Malware Incidents |
| 5. The Response Team | 12. CSIRT Services |
| 6. CSIRT Actions / Incident Handling | 13. Data Breach Incidents & Privacy |
| 7. Impact Assessment & Incident Prioritization | 14. Conclusion |
We offer the workshop in a variety of configurations.
First, we offer a 1-day seminar or 2-day workshop through the FISMA Center in Columbia, Maryland. The next scheduled offering is the 1-day seminar on Monday, May 18.
We also deliver it at the client site for their response team. This can be delivered in three ways: one full day, two full days, or four half days. In each case we suggest the client include a response plan review combined with the workshop. We start with a review of the plan, then incorporate elements of the plan review in the workshop.
Finally, we provide 90-minute webinars on pairs of the topics. For example, the Response Management Framework can be paired with Insider Threats, Malware Incidents, or Data Breach Incidents. The Impact Assessment is paired with Risk Management. We can also deliver the webinar for a client’s extended response team.
Throughout the material we identify recommended best practices from industry experts. We also examine publicized incidents for lessons learned.