The Incident Response Team Episode

Show Notes

KirkpatrickPrice is on a mission to help 10,000 people elevate the standards for cybersecurity and compliance. Join Our Cybersecurity Mission: https://www.linkedin.com/showcase/our-cybersecurity-mission 

  

Our rapid response team had three specialized roles on it:  

• Duncan – Pen Testing
• Eric – IT  
• Alan – Privacy

 

The first step in responding to this incident was discovery. This is part of the phase known as detection and identification. Duncan identified what type of data was taken and what methods were used.  

Communication is a critical piece for incident response. Communicating with the coworkers who reported the incident, executive management to get context about the issue, technical personnel to know what controls are in place, etc.  

The reason a privacy specialist was involved with the team was to analyze what kind of data was involved and what regulatory requirements might apply. This is important because it affects notification responsibilities. 

Prepare 

The best time for incident response is BEFORE an incident occurs. Prepare now by making decisions about how you’ll react WHEN an incident occurs. You can walk through a scenario today for what you’ll do if an employee takes data they shouldn’t.  

Lessons Learned 

• What policies and procedures need to change? 
• What controls should be adjusted? 
• Are there areas where response time could have been different? 
• What training is needed? 

Incident Response Recommendations and Considerations for Cybersecurity Risk Management – NIST 800-62r3 

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r3.pdf 

SANS Incident Response Framework 

https://www.sans.org/security-resources/glossary-of-terms/incident-response 

KirkpatrickPrice is on a mission to help 10,000 people elevate the standards for cybersecurity and compliance. Join Our Cybersecurity Mission: https://www.linkedin.com/showcase/our-cybersecurity-mission