
Incident Response


Plan Maintenance:

The Country BCP Coordinator is responsible for maintenance of the ADIB Global BCP, while each Plan Owner is responsible for the BCP covering their respective area.

The Country BCP Coordinator should verify maintenance of the following:

  • Periodic update of BRP and Call Tree
  • Follow up on execution of action plan (if any)
  • Update regulatory requirements
  • Process / personnel changes
  • Coordinate testing

Based on test results and actual experience, the BCP Coordinator should refine, enhance and update the plan to be more comprehensive.

Test results should be documented and a corrective action plan developed in case of any deficiencies.

The Plan must be revised at least once a year.

Scheduled Maintenance:

Each Plan Owner is required to initiate scheduled annual maintenance of activities covered in the BCP at the end of each calendar year.

A Plan walkthrough should be conducted to determine whether strategy or procedure changes are required for further submission to the BCP Coordinator.

Review should include the following documents:

  • Business Recovery Plan
  • Business Impact Analysis

Meanwhile, call lists must be updated semi-annually.

Un-scheduled Maintenance:

Ad hoc maintenance of the plan is triggered by any of the following items:

  • Changes in employee information (phone numbers, etc.).
  • Changes in personnel (new or departing employees).
  • Changes in roles and responsibilities.
  • Major changes in key processes.
  • Changes in equipment dependencies.
  • Organizational restructures.
  • Regulations / CBE instructions update.
  • BCP invocation.
  • Plan testing.

Access to the Plan:

Each staff member playing a role within the procedures described in the Business Continuity Plan is required to keep two copies of the Plan in a secure place:

  • One for the office, to take in case of evacuation.
  • Another to be easily and securely accessible outside the office (e.g. in the car or at home).

A current version of the documented plan must be stored offsite, namely at the alternative site, and treated as a vital record.

Plan Testing:

Testing is an integral part of training and maintenance, serving as reassurance that in the event of any interruption, the business will continue operation.

Test Frequency:

The BCP Coordinator will arrange with business owners to conduct a BCP test on an annual basis at the alternative locations. For any major change, a test should be conducted within 90 days of the change.

The test should be conducted with different team members each time to verify that all employees are familiar with their role within the BCP.

An actual business interruption may substitute for a test, subject to fulfillment of the following:

  1. Sufficient components of the BRP were activated.
  2. Test scenarios not fulfilled during the event are tested thereafter.
  3. All required documents and post-fact reports are prepared and approved by the Division Head.
  4. An overall Lessons Learned report is prepared by the BCP Coordinator and submitted to both the Operation Head and the O&T Head.

Test Types:

A test may be conducted via one of the following methods:

  • Walk through exercise
  • Simulation exercise

Test Components:

Each business owner should develop a testing strategy consisting of the following elements:

  1. Objectives:

The purpose of BCP testing is to verify the following:

  • Plan is functional and adequate to support the resumption of key processes.
  • Business Continuity Plan has been properly maintained and updated to reflect the actual business resumption needs.

  2. Assumptions:

  • Considering transactions volume, function criticality, required resources and applications.
  • Dependency on other parties, whether within ADIB or outsource vendor.

  3. Success Criteria:

At minimum, success criteria should include the following:

  • RTO requirement is met.
  • Business process is functional from the alternative site.

  4. Test scenarios / cases:

  • Develop test scripts based on assessed risk, assumptions and success criteria.
  • Document technical and business requirements.
  • Identify dependency on physical documents or outsource vendor / service provider.
  • Test plan should include all functions and required resources.
  • Document manual turn around solution (if any).

  5. Post testing activities:

  • Verify that all activities are tested, as detailed in the test script.
  • Validate that test objectives have been met.
  • Prepare Lessons Learned detailing successful / failed test components and corrective action within a maximum of 30 days of the test.
  • Assign ownership for resolution of test issues and follow up till closure.

Test Results:

A log of test results will be maintained by each business owner, with a copy held by the BCP Coordinator, for use in improving and updating the plan. At the end of the plan test, any changes will be incorporated therein.

Further tests should take place upon plan update for regulatory requirements, process / personnel changes, or at least annually.

Any failed testing component must be re-tested within a maximum of 120 days after corrective action has been taken.

Expense Posting:

Costs incurred in the process of preparing / implementing the COB plan are submitted to the Financial Administration along with supporting documents (approvals, invoices, etc.) for posting as an expense on the cost centre.