Coordinated Response
Services and tools for incident response management

Effective Incident Response Workshop

This course helps attendees develop, or review and revise, a cybersecurity incident response plan. The emphasis in the course is on the FISMA requirements for developing and executing an effective incident response program. However, consideration is given to other thought leaders on cybersecurity incident response management, including the SANS Institute and the Software Engineering Institute at Carnegie Mellon University.

The incident response workshop is a combination of lecture, seminar, and workshop. Active participation is expected from all course attendees.

A Response Management Framework is introduced that reflects and complements NIST documentation on Incident Response. The NIST Risk Management Framework is used to develop incident impact assessment techniques, to set appropriate incident priorities, and to establish appropriate strategies for incident response, escalation, and notification. A set of six typical and representative incident types, selected by the class, is used to examine and apply the framework. High profile incidents are used as examples.

Incident Response Workshop Agenda

DAY 1 – First Pass: Incident Response – The Overview
1.   Introduction
2.   Incident Response Plan
3.   Response Management – A General Framework
4.   Incident Types & Categories
5.   The Response Team
6.   CSIRT Actions / Incident Handling
7.   Impact Assessment & Incident Prioritization

DAY 2 – Second Pass: Incident Response – The Details
8.   Risk Management & Incident Response
9.   Insider Threats
10.  Response Team & Actions, Revisited
11.  Malware Incidents
12.  CSIRT Services
13.  Data Breach Incidents & Privacy
14.  Conclusion

Workshop Configuration
We offer the workshop in a variety of configurations.

First, we offer a 1-day seminar or 2-day workshop through the FISMA Center in Columbia, Maryland. The next scheduled offering is the 1-day seminar on Monday, May 18.

For more information visit the FISMA Center. To register click here.

We also deliver it at the client site for their response team. This can be delivered in three ways: one full day, two full days, or four half days. In each case we suggest the client include a response plan review combined with the workshop. We start with a review of the plan, then incorporate elements of the plan review in the workshop.

Finally, we provide 90-minute webinars on pairs of the topics. For example, the Response Management Framework can be paired with Insider Threats, Malware Incidents, or Data Breach Incidents. The Impact Assessment is paired with Risk Management. We can also deliver the webinar for a client’s extended response team.

Throughout the material we identify recommended best practices from industry experts. We also examine incidents that received publicity for lessons learned.