3. ●Respond
●NIST defines respond as "Develop and implement
appropriate activities to take action regarding a detected
cybersecurity incident".
1/8/2020 New Deal - AHR Show Orlando, FL Tuesday Feb 4, 2020 57
4. ●"The Respond Function supports the ability to contain the
impact of a potential cybersecurity incident. Examples of
outcome Categories within this Function include: Response
Planning; Communications; Analysis; Mitigation; and
Improvements".
●
1/8/2020 New Deal - AHR Show Orlando, FL Tuesday Feb 4, 2020 58
5. ●Here are the parts to the respond function and their
importance:
●Response Planning: Response processes and procedures are
executed and maintained, to ensure timely response to
detected cybersecurity events.
●Analysis: Analysis is conducted to ensure adequate response
and support recovery activities.
●Mitigation: Activities are performed to prevent expansion of
an event, mitigate its effects, and eradicate the incident.
●Communications: Response activities are coordinated with
internal and external stakeholders, as appropriate, to include
external support from law enforcement agencies.
1/8/2020 New Deal - AHR Show Orlando, FL Tuesday Feb 4, 2020 59
6. ●Improvements: Organizational response activities are
improved by incorporating lessons learned from current and
previous detection/response activities.
●When breaches occur in companies, an incident response
plan is critical to manage the immediate aftermath.
Surprisingly, lots of organizations don't have an incident
response plan, or just haven't tested the plan that they have in
place.
●Your Response Plan: Make sure that you're reporting
breaches if they occur.
●Mitigate: Make sure you have a plan to mitigate any event
that could occur, in house and with third parties.
●Analyze: Go over your plan with experts inside and outside of
your team.
1/8/2020 New Deal - AHR Show Orlando, FL Tuesday Feb 4, 2020 60