Scope of Critical Services
In general, the time allowed for troubleshooting any critical service issue is 2 hours, with an update every 30 minutes.
During this period, the O&T head and IT head may decide to activate the related BCP described for each scenario in this document.
2.1 Network services
This covers any problem in the in-country network links between the DC, DR, and main buildings in Omar Makram and Garden City, as well as the international circuit to Abu Dhabi.
It also covers malfunction of the core switches and routers.
2.2 Application hosting services
This relates to the Exchange server, GFS, Ethix finance, Swift, Core Banking DB/Sybase/SQL, SharePoint, VMware, and Xen server host.
2.3 File hosting services
This relates to the file servers used by the business for BAU activities, and the core storage HW.
2.4 Call Center and voice recording services
This covers the Call Center server/DB and the voice recording services.
2.5 Central bank, Regulatory secured links
This covers the firewalled systems and third-party services (CBE/ISCORE/NPC/123), as well as Swift link failure.
2.6 Reuters
This relates to the Reuters link and services to ADIB.
2.7 Thin Client Environment
This covers thin client users.
2.8 Normal (Non-Call Center) Telephone system
This relates to the Cisco telephone system for all bank users except the Call Center.
2.9 Xerox printing
This relates to the process of printing the bank statement.