Back to Course

Incident Response

  1. Incident Response
    Incident Reporting
  2. Incident Response Use Cases
    Lab Setup
  3. Role Playing - Shift Manager
  4. Demonstrating: Investigating and Escalating
  5. Report from Malware Analyst
  6. Exercise 1.1: Exploring Suspicious Executable Detected using SIEM
  7. Exercise 1.2: Investigating Multiple Failed Logins using SIEM
  8. Exercise 3: Mitigating Risk
  9. Exercise 4.1: Asking the Right Questions
  10. Scenario 4.1: Asking the Right Questions
  11. Scenario 4.2: Suspicious or Malicious?
  12. Exercise 4.2: Reviewing the Shift Log
  13. Exercise 4.3: Investigating an Unauthorized Login Attempt
  14. Exercise 4.4: Investigating Firewall Traffic
  15. Exercise 4.5: Reviewing the Security Operations Mailbox
  16. Exercise 5.1: Reviewing New Intelligence
  17. Exercise 5.2: Assessing Threat Severity
  18. Exercise 6: Recommending Remediation
  19. Exercise 7: Conducting a Post-Incident Review
  20. Exercise 8: Communicating with Operations and Senior Management
  21. Business Continuity
    Business Continuity Plan Development
    8 Topics
  22. BCP Invocation Process
    2 Topics
  23. Emergency Procedures
    7 Topics
  24. Crisis Management Team
    10 Topics
  25. BCP Seating Plan
  26. Overview
  27. Disaster Recovery
    Scope of Critical Services
  28. Network Services
  29. Application Hosting Service
  30. File Hosting Services
  31. Call Centre and Voice Recording Services
  32. Regulatory Links
  33. Thin Client Environment
  34. Voice System (Non-Service Desk)
  35. Printing Services
  36. Recovery Time Objective (RTO) & Recovery Point Objective
  37. Single Point of Failure
  38. Redundancy Requirements
  39. Alternate Locations
  40. Contact Protocol
    4 Topics
Lesson 22, Topic 2
In Progress

Invocation Decision Announcement

Lesson Progress
0% Complete

The MD & CEO / Delegate maintains the authority to take the following decisions, upon occurrence of an event causing business interruption:

  • Declare disaster and announce BCP invocation (full / partial)
  • Activate the Call Tree process (attached)
  • Decide on fundamental issues of strategy and policy
  • Update the Board of Directors and regulators of the disaster situation, recovery progress and plans

Based on the type of business interruption, intensity and impact, the invocation decision determines the level of services to be continued:

  • Level 1 – Complete services with full or reduced staff strength
  • Level 2 – Critical activities with reduced staff strength
  • Level 3 – No banking services

Checklist of activities that should take place upon invocation / restoration to normalcy detailing responsible parties. Appendix 7

1.1Escalation of an Incident

Each plan owner is responsible for immediate escalation of any incident incurring in relative area, whether the impact only affects one area / certain areas / the whole bank and regardless if leading to partial / full disaster recovery invocation.

The exact situation should be escalated to the Line of Business Head and further to the Country BCP Coordinator, who will report to O&T Head and MD & CEO.

1.2Circulation of Notifications / Announcements

O&T Head handles communication with the CEO & MD / Senior Management, whereas, the Country BCP Coordinator acts as the focal point of contact for exchange of notifications / announcements / requirements between Senior Management, different business users and support groups.

As soon as the decision to invoke the Plan is taken, following roles and responsibilities should be affected:

Escalation of an incident

Country BCP Coordinator

Business Owner

Circulation of notifications / announcements

MD & CEO

O&T Head

Country BCP Coordinator

Business Owners

Staff inquiries should be addressed to any of the following, according to subject:

 Security Service (24/7)IP 10129 
                                          Landline 02-2798 4707 or 02-2798 3777 
                                          Mobile: 011 – 133 449 99 / 012 – 226 333 20 
                                               010 – 666 943 99 / 010 – 014 222 06 
                                            Fax.: 02-2395 7982 
 IT Help Desk                         IP 3636 
 Country BCP CoordinatorWael Mandour IP 6426 
                                                                               Mobile: 010 – 62 006951  012 – 27 414841
                     Communication                                                           Hala Abou Youssef IP 3043 Mobile: 010 – 164 00 04