Invocation Decision Announcement
The MD & CEO / Delegate maintains the authority to take the following decisions upon the occurrence of an event causing business interruption:
- Declare disaster and announce BCP invocation (full / partial)
- Activate the Call Tree process (attached)
- Decide on fundamental issues of strategy and policy
- Update the Board of Directors and regulators of the disaster situation, recovery progress and plans
Based on the type of business interruption, intensity and impact, the invocation decision determines the level of services to be continued:
- Level 1 – Complete services with full or reduced staff strength
- Level 2 – Critical activities with reduced staff strength
- Level 3 – No banking services
A checklist of the activities that should take place upon invocation / restoration to normalcy, detailing responsible parties, is provided in Appendix 7.
1.1 Escalation of an Incident
Each plan owner is responsible for immediate escalation of any incident occurring in their respective area, whether the impact affects only one area / certain areas / the whole bank, and regardless of whether it leads to partial / full disaster recovery invocation.
The exact situation should be escalated to the Line of Business Head and further to the Country BCP Coordinator, who will report to the O&T Head and the MD & CEO.
1.2 Circulation of Notifications / Announcements
The O&T Head handles communication with the CEO & MD / Senior Management, whereas the Country BCP Coordinator acts as the focal point of contact for the exchange of notifications / announcements / requirements between Senior Management, different business users and support groups.
As soon as the decision to invoke the Plan is taken, the following roles and responsibilities should come into effect:
Escalation of an incident:
- Country BCP Coordinator
- Business Owner
Circulation of notifications / announcements:
- MD & CEO
- O&T Head
- Country BCP Coordinator
- Business Owners
Staff inquiries should be addressed to any of the following, according to subject:
- Security Service (24/7): IP 10129
  - Landline: 02-2798 4707 or 02-2798 3777
  - Mobile: 011 – 133 449 99 / 012 – 226 333 20 / 010 – 666 943 99 / 010 – 014 222 06
  - Fax: 02-2395 7982
- IT Help Desk: IP 3636
- Country BCP Coordinator: Wael Mandour, IP 6426
  - Mobile: 010 – 62 006951 / 012 – 27 414841
- Communication: Hala Abou Youssef, IP 3043
  - Mobile: 010 – 164 00 04