
The key to preparing an effective Business Continuity Plan is to first identify the risks / triggers the business is exposed to and their relative likelihood of occurrence. Accordingly, individual Business Impact Analyses (BIAs) are prepared for branches and critical functions.

Impact severity is measured on a scale from 1 to 5 (most likely to least likely).

This exercise helps identify the Recovery Point Objective (RPO) and the Recovery Time Objective (RTO), providing a clear basis for establishing the business continuity strategy.

1.1 Trigger:

To enable management of an impact that develops into a crisis, potential risks are identified and different scenarios are prepared for handling crisis events, covering the following categories:

A. Environmental Disasters

  • Earthquakes
  • Flood

B. Human

  • Loss of essential staff members or executive team (mass resignation, layoff, long-term illness or death)
  • Employee strike
  • Major labor dispute
  • Medical emergency (a number of key staff members contract food poisoning / spreading contagious diseases)

C. Political Threats

  • Civil act
  • Strikes / demonstrations
  • Escalated violence resulting from terrorist activity
  • Governmental coup or civil war and a possibility of war with another country

D. Criminal Acts

  • Acts of violence against persons or property
  • Kidnap
  • Robbery
  • Bomb threat
  • Murder
  • Workplace violence
  • Unauthorized building access

E. System non-availability

  • Telecommunication outages
  • Computer virus
  • Worm infestation
  • Hacking

F. Others

  • Fire
  • Loss of electrical power

1.2 Key Event:

Key events are the result of a realized trigger; accordingly, the recovery scenarios vary based on the cause of the business interruption, its duration and its impact on business continuity.

  • Loss of access to a whole building / entire district
  • System non-availability
  • Communication failure
  • Loss of data (electronic / hard copy)
  • Staff inability to reach business premises

Depending on the situation, the crisis could lead to a lack or loss of resources, utilities, systems / applications, transportation means or manpower, or to an inability to access business premises; accordingly, different mitigations and continuity solutions are prepared for each scenario separately.

| Key Event                           | Mitigation                                                                                            | Solution                                                                         |
|-------------------------------------|-------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------|
| Loss of access to business premises | Data and systems backup storage; Fire Prevention Plan                                                 | Staff relocation to the alternative site                                         |
| System non-availability             | Backup infrastructure; Antivirus software; Firewalls; Periodic vulnerability testing; Data replication | Apply DR Plan                                                                    |
| Communication failure               | –                                                                                                     | Communication bridges; Mobile phones; Satellite phones; Call Tree activation     |
| Power failure                       | UPS; Generator                                                                                        | Staff relocation to alternative site; Use laptops                                |