Crisis Management Team Members

Core Members

  1. Chief Executive Officer and Managing Director
  2. Operation and Technology Head
  3. Wholesale Operation Head
  4. Branches’ Network Head
  5. Security Head
  6. Chief Technology Officer
  7. Human Resources Head
  8. Chief Operating Officer
  9. Treasurer
  10. Operational Risk Head

Additional Roles

  1. Retail Operation Head
  2. Chief Risk Officer
  3. IT Infrastructure and Operation Head
  4. IT Manager
  5. Chief Financial Officer
  6. Compliance Officer
  7. Legal Head
  8. Internal Control Head
  9. Audit Head
  10. Corporate Communication Head
  11. Country BCP Coordinator
  12. Information Security Head

Upon occurrence of an incident, the core members of the Crisis Management Team (CMT) should meet at the CEO & MD office to do the following:

  • Identify the extent of crisis impact on business functions.
  • Review damage assessment report.
  • Verify employee safety.
  • Decide on recovery scenario and priorities.
  • Agree on the announcements / status updates to be communicated to customers, media and staff members.

Additional members may be co-opted as required.

Based on CMT decisions, the O&T Head handles communication with the CEO & MD / Senior Management, whereas the Country BCP Coordinator acts as the focal point of contact for the exchange of notifications / announcements / requirements between different business users and support groups.

The Country BCP Coordinator is responsible for implementation of the Business Continuity Plan (BCP), which includes the orderly and timely restoration of business operations at an alternate location and recovery of the primary site.

Some of the additional members may be required to attend, depending on the situation.

If team members have difficulty reaching the meeting premises, the meeting should be held remotely via Conference Bridge.

Steps for creation of a meeting via Conference Bridge:

  1. Send a request to the Service Desk to initiate a meeting, specifying the meeting date, time and duration.
  2. The Service Desk will coordinate with the IT Communication Team and revert to the requester of the meeting with the following details:
    • Dial-in number
    • Meeting ID
    • Meeting password
  3. The meeting initiator should then communicate the meeting details to the required attendees, namely the main Crisis Management Team members and additional members, according to the situation (e.g. if damage is involved, the damage assessment team should be invited to the meeting).