Incident Management: Planning and Response

Lesson 24/32


Did you know that the right response to a major cyber incident can mean the difference between an organization's survival and its downfall? The infamous 2017 Equifax data breach is a stark reminder of the catastrophic consequences of mismanaging a cyber incident: within a few weeks, the incident had wiped more than $5 billion off Equifax's market value.

Incident Management: Planning and Response is a unit designed to equip learners with the knowledge and skills to prevent such a disaster.

A Look at the Setup: Site, Staffing, and Arrangements

When a cyber incident strikes, a well-planned response built around a designated site, skilled personnel and deliberate organizational arrangements can make all the difference. For instance, a dedicated office space equipped with secure computer systems and staffed by a team of cyber security specialists can expedite the response process. Sony Pictures, in response to its 2014 cyber-attack, established a clean room in which investigators could work on its systems, highlighting the value of a pre-planned site.

Forming an Organizational CERT Team

A crucial part of incident management is the formation of a Computer Emergency Response Team (CERT). This is a group of experts trained to respond to cyber incidents. When GitHub suffered a DDoS attack in 2018, its internal CERT team played a pivotal role in the mitigation process. The team was able to quickly respond, analyze the situation, and reduce the impact of the attack.

Landing on the Right Personnel and Equipment

The right personnel and equipment are further critical factors in incident planning and management. Cyber security analysts, network engineers, forensic experts and threat intelligence analysts are just a few of the roles that make up a competent CERT team. It is equally essential to have the right equipment, such as intrusion detection systems, firewalls, threat intelligence platforms and forensics tools, to support the response.

An Exploration into Incident Management Sub-Disciplines

Learners will delve deeper into the core sub-disciplines of cyber incident management, including disaster recovery, business continuity and crisis communications, among others. Real-life incidents such as the Dyn DDoS attack of 2016 illustrate the importance of these disciplines: Dyn was able to recover quickly and restore services because of its strong disaster recovery practices.

In conclusion, understanding and implementing the elements of Incident Management: Planning and Response can go a long way toward safeguarding an organization from the fallout of a major cyber incident. As the digital landscape continues to evolve, so do the complexity and frequency of cyber attacks, making this knowledge more relevant than ever.

Saqib Shehzad Bhatti, Product Designer