Incident Response

A technique for identifying both tangible and intangible impacts on a business process, function or department, usually measured over time against given criticality ratings. It gives senior management the information needed to devise a recovery strategy and to set recovery priorities.

The level of recovery and the time to resume a process or function, based on regulatory requirements and/or an assessment of the financial, operational and brand damage resulting from a business interruption. This includes:

  • Recovery Point Objective (RPO) – How current the data you are recovering is. It ranges from the last good backup, which may be 24-48 hours old, up to the last recorded transaction before the disaster. Where online replication is in place, the delay is only a few minutes. The objectives are clearly shown in the DR document – Appendix 3.
  • Recovery Time Objective (RTO) – The time taken to restore user access to the applications and data.
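The two objectives are measured in opposite directions from the interruption: RPO looks back to the last usable recovery point, RTO looks forward to the moment users regain access. The following script is an added example, not part of the course material or its DR document; it assesses a DR test against recovery objectives. The service names, objective values and timestamps are constructed for illustration, and it generalises the text's two cases (nightly backup versus online replication) to any list of recovery points, discarding points recorded after the interruption because they cannot be trusted.

```python
from datetime import datetime, timedelta

# Target objectives per service. These values are constructed for this example;
# an organisation's real figures live in its DR document (Appendix 3 on this page).
OBJECTIVES = {
    "core-banking-db": {"rpo": timedelta(minutes=5), "rto": timedelta(hours=2)},  # online replication
    "file-share": {"rpo": timedelta(hours=24), "rto": timedelta(hours=8)},        # nightly backup
}


def latest_usable_recovery_point(recovery_points, interruption):
    """Return the most recent recovery point completed at or before the interruption.

    Points recorded after the interruption (a backup that finished while systems
    were already down or compromised) are not usable, so they are ignored.
    """
    usable = [p for p in recovery_points if p <= interruption]
    if not usable:
        raise ValueError("no recovery point exists before the interruption")
    return max(usable)


def achieved_rpo(recovery_points, interruption):
    """Data-loss window: interruption time minus the last usable recovery point."""
    return interruption - latest_usable_recovery_point(recovery_points, interruption)


def achieved_rto(interruption, access_restored):
    """Outage duration: time from the interruption until users regain access."""
    if access_restored < interruption:
        raise ValueError("access cannot be restored before the interruption")
    return access_restored - interruption


def assess(service, recovery_points, interruption, access_restored):
    """Compare the achieved RPO/RTO for one service against its objectives."""
    target = OBJECTIVES[service]
    rpo = achieved_rpo(recovery_points, interruption)
    rto = achieved_rto(interruption, access_restored)
    return {
        "service": service,
        "rpo_achieved": rpo, "rpo_target": target["rpo"], "rpo_met": rpo <= target["rpo"],
        "rto_achieved": rto, "rto_target": target["rto"], "rto_met": rto <= target["rto"],
    }


def example_scenario():
    """Constructed DR-test scenario: an interruption at 14:30 on 2024-03-10."""
    t0 = datetime(2024, 3, 10, 14, 30)
    # Nightly backups at 02:00; the one on 2024-03-11 completes after the event and is unusable.
    nightly = [datetime(2024, 3, 9, 2, 0), datetime(2024, 3, 10, 2, 0), datetime(2024, 3, 11, 2, 0)]
    # Replication checkpoints every minute; the last one before the event is 14:29.
    replication = [t0 - timedelta(minutes=m) for m in range(1, 11)] + [t0 + timedelta(minutes=1)]
    return [
        assess("core-banking-db", replication, t0, datetime(2024, 3, 10, 15, 45)),
        assess("file-share", nightly, t0, datetime(2024, 3, 11, 1, 0)),
    ]


if __name__ == "__main__":
    for r in example_scenario():
        print(f"{r['service']}: RPO {r['rpo_achieved']} (target {r['rpo_target']}, "
              f"{'met' if r['rpo_met'] else 'BREACH'}); RTO {r['rto_achieved']} "
              f"(target {r['rto_target']}, {'met' if r['rto_met'] else 'BREACH'})")
```

In the constructed scenario the replicated database loses one minute of data and is back within 1h15, so both objectives are met; the file share loses 12.5 hours of data, which is within its 24-hour RPO, but its 10.5-hour restore breaches the 8-hour RTO. Feeding the script the timestamps recorded during a real DR exercise is a quick way to check that the figures in a DR document are actually being achieved.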

In developing the plan, a clear distinction between risk prevention and recovery is necessary; any of the following risk control strategies may be applied:

  • Acceptance – Definition: Willingly accept the risk with a clear understanding of the financial exposure to the bank and its shareholders. Example: An educated decision to “do nothing” could be the correct approach if the cost of mitigation significantly outweighs the benefit.
  • Transfer – Definition: Transfer the financial exposure to a third party. Example: The risk is transferred to the insurance company, which covers the incurred losses.
  • Mitigation – Definition: Reduce the exposure to the expected event, or provide an alternative in case prevention fails (recover). Example: Install fire-fighting equipment and redundant equipment, provide alternate communication routing, develop a business recovery program, or provide an alternative processing location.
  • Elimination – Definition: Completely avoid the risk exposure. Example: Stop the operation.