EC-Council, profile picture
Uploaded byEC-Council
PPTX, PDF311 views

Phases of Incident Response

This document outlines a class on incident response in information security, detailing learning objectives such as identifying phases of incident response and creating incident response plans. Key phases of incident response discussed include preparation, detection and analysis, containment, eradication and recovery, and post-incident activity. The instructor, Zachery S. Mitcham, has extensive experience in the field and aims to guide participants towards effective strategies for handling security incidents.

Technology
Related topics:
Incident Response

Embed presentation

Downloaded 13 times
Incident Response Phasesof IncidentResponse ZacheryS.Mitcham,MSA
AboutMe ● Zachery S. Mitcham ● 38 years of Information Security experience beginning as a U.S. Army Officer ● MSA-Administration, Certified CISO; Certified Computer Security Incident Handler; Graduate Certificate-Harvard University ● I am one of thirteen children ● Feel free to view my linkedin profile at: https://www.linkedin.com/in/zmitcham/
Prerequisites There are no formal prerequisites for this class however you will benefit greatly by previewing the NIST 800 special publication 61 accessible at the following link: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800- 61r2.pdf
Supplementary Materials We will use NIST 800 sp 61 as the basis for our discussion. Again, you may download it at the following link: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-6 1r2.pdf
Target Audience ● This class is primarily intended for those that are in need of an informational overview on how to respond to information security incidents or have a responsibility for doing so. ● It will also assist with your preparation for a Computer Security Incident Handling certification
Learning Objectives ❖ Upon completion of this class you will be able to: ➢ Identify the phases of incident response ➢ Create a Computer Security Incident Response Plan ➢ Identify composition of key personnel necessary to serve as incident responders. ❖ This class will cover the phases of incident handling and how each phase relates to responding to information security incidents.
Definitions ❖ The mission of information security professionals is to safeguard the confidentiality, integrity and availability of data that is processed, stored and transmitted over a technological network whether it is at rest or in flight. ❖ Security Incident - any situation, condition, or circumstance whereby security control measures placed within information systems are circumvented. ❖ Computer Security Incident Response Team (CSIRT)- An organization or team that provides services and support to a defined constituency for preventing, handling, and responding to computer security incidents.
Phases of IncidentResponse ❖ Preparation ❖ Detection andAnalysis ❖ Containment, Eradication and Recovery ❖ Post IncidentActivity
Incident Handling Activities Triage – the actions taken to categorize, prioritize, and assign events and incidents. Detecting and Reporting – the ability to receive and review event information, incident reports, and alerts. Analysis – the attempt to determine what has happened, what impact, threat, or damage resulted, and what recovery or mitigation steps should be followed. This can include characterizing new threats that may impact the infrastructure. Incident response – the actions taken to resolve or mitigate an incident, coordinate and disseminate information, and implement follow-up strategies to prevent the incident from happening again.
Preparation Phase Adequate systems, resources and tools emplaced to respond to the incident Incident Response Plan development Incident Response Team Development Contact information for team members, War room, Evidence gathering
Detection and Analysis Phase Identification and assess magnitude of the threat (IDS/IPS, Security Information and Event Management (SIEM),A/V tools-System Center Configuration Manager(SCCM), system logs)
Containment, Eradication and Recovery Prevention of threat propagation, remediation and operational or system restoration.
Post Incident Activity Post Mortem debriefing, Lessons Learned, Documentation and Reporting.
Quiz What is the first phase of incident handling? A) Panic phase B) Priority Information Requirements phase C) Paranoia phase D) Preparation phase Answer D - The Preparation Phase-is the most important phase. Without it your response will be inadequate. Always remember to “Sweat more in training and bleed less in war!”
Quiz What is Triage? A) Remediation of issues causing the incident B) Artifacts analysis C) Prioritizing events D) Reporting the incident to law enforcement Answer C - Prioritizing. Triage are the actions taken to categorize, prioritize, and assign events and incidents.
Summary ● During this class, we discussed: ❖ The different phases of incident response and how each phase relates to responding to information security incidents ❖ Creation of a Computer Security Incident Response Plan ❖ Identification of key personnel necessary to serve as incident responders. ● Looking forward, our next class will cover the individual phases of incident response in depth

More Related Content

PPTX
Threats Intelligence and analysis . pptx
bybilal12rana21
 
PPTX
Incident response
byAnshul Gupta
 
PPTX
Introduction to SIEM.pptx
byneoalt
 
PPTX
SOC and SIEM.pptx
bySandeshUprety4
 
PPTX
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
PDF
Red Team Framework
by👀 Joe Gray
 
PPTX
Role of data mining in cyber security
byPranto26
 
PDF
Cybersecurity for Critical National Infrastructure
byDr David Probert
 
Threats Intelligence and analysis . pptx
bybilal12rana21
 
Incident response
byAnshul Gupta
 
Introduction to SIEM.pptx
byneoalt
 
SOC and SIEM.pptx
bySandeshUprety4
 
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
Red Team Framework
by👀 Joe Gray
 
Role of data mining in cyber security
byPranto26
 
Cybersecurity for Critical National Infrastructure
byDr David Probert
 

What's hot

PPTX
Introduction-to-Security-Operations-Center (SOC)
bysumank281995
 
PDF
Incident response methodology
byPiyush Jain
 
PPTX
Security operation center (SOC)
byAhmed Ayman
 
PPTX
Cyber Security roadmap.pptx
bySandeepK707540
 
PPTX
Data security
byAbdulBasit938
 
PPTX
Implementing cybersecurity best practices and new technology ppt (1).pptx
bydamilolasunmola
 
PPTX
Cyber security landscape
byJisc
 
PDF
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
PDF
Threat Intelligence 101 - Steve Lodin - Submitted
bySteve Lodin
 
PPTX
Cyber Security Standards Compliance
byDr. Prashant Vats
 
PPTX
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
byOWASP Delhi
 
PDF
Cyber threat intelligence ppt
byKumar Gaurav
 
PPT
Security technologies
byDhani Ahmad
 
PPT
Basics of Information System Security
bychauhankapil
 
PPT
Information security
byLJ PROJECTS
 
PDF
Network Security Tutorial | Introduction to Network Security | Network Securi...
byEdureka!
 
PDF
Cyber forensics and auditing
bySweta Kumari Barnwal
 
PPTX
kill-chain-presentation-v3
byShawn Croswell
 
PPT
IoT Security – Executing an Effective Security Testing Process
byEC-Council
 
PPTX
Digital investigation
byunnilala11
 
Introduction-to-Security-Operations-Center (SOC)
bysumank281995
 
Incident response methodology
byPiyush Jain
 
Security operation center (SOC)
byAhmed Ayman
 
Cyber Security roadmap.pptx
bySandeepK707540
 
Data security
byAbdulBasit938
 
Implementing cybersecurity best practices and new technology ppt (1).pptx
bydamilolasunmola
 
Cyber security landscape
byJisc
 
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
Threat Intelligence 101 - Steve Lodin - Submitted
bySteve Lodin
 
Cyber Security Standards Compliance
byDr. Prashant Vats
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
byOWASP Delhi
 
Cyber threat intelligence ppt
byKumar Gaurav
 
Security technologies
byDhani Ahmad
 
Basics of Information System Security
bychauhankapil
 
Information security
byLJ PROJECTS
 
Network Security Tutorial | Introduction to Network Security | Network Securi...
byEdureka!
 
Cyber forensics and auditing
bySweta Kumari Barnwal
 
kill-chain-presentation-v3
byShawn Croswell
 
IoT Security – Executing an Effective Security Testing Process
byEC-Council
 
Digital investigation
byunnilala11
 

Similar to Phases of Incident Response

PPTX
The Six Stages of Incident Response
byDarren Pauli
 
PPT
Incident handling.final
byahmad abdelhafeez
 
PPTX
The Six Stages of Incident Response - Auscert 2016
byAshley Deuble
 
PDF
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
byIGN MANTRA
 
PDF
INCIDENT RESPONSE NIST IMPLEMENTATION
bySylvain Martinez
 
PPTX
Lecture 06 - Incident Management and SOC.pptx
byprasadsanjaya2
 
PPTX
L11 Transition And Key Roles and SAT ROB IRP.pptx
byStevenTharp2
 
PPTX
Week-3_Incident Response .pptx------------------
byAmirMohamedNabilSale
 
PDF
5 Steps to Improve Your Incident Response Plan
byResilient Systems
 
PPT
11-Incident Response, Risk Management Sample Question and Answer-24-06-2023.ppt
byabhichowdary16
 
PPT
IRTIRTIRTIRTIRTIRTIRTIRTIRTIRTIRTIRTIRTIRT.ppt
byabhimannyubanerjee
 
PPTX
Incident response Process in information security .pptx
bySarwatDilawaiz
 
PDF
Ch5-Incident Response Management.pdfncident Response Management.
bySuhail Qadir Mir
 
PPTX
chapter on Incident Response Management.
bySuhail Qadir Mir
 
PPTX
Ch2-Incident Response Process.pptxIncident Response Process
bySuhail Qadir Mir
 
PPTX
Incident Response Security
byssuser30902e
 
DOCX
Incident ResponseAs a security professional, you will.docx
byMARRY7
 
DOCX
Winchester Aquarium and Pet Center Incident Response Plan
byR. Curtis Roth
 
PPT
Latihan6 comp-forensic-bab5
bysabtolinux
 
PDF
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
byIGN MANTRA
 
The Six Stages of Incident Response
byDarren Pauli
 
Incident handling.final
byahmad abdelhafeez
 
The Six Stages of Incident Response - Auscert 2016
byAshley Deuble
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
byIGN MANTRA
 
INCIDENT RESPONSE NIST IMPLEMENTATION
bySylvain Martinez
 
Lecture 06 - Incident Management and SOC.pptx
byprasadsanjaya2
 
L11 Transition And Key Roles and SAT ROB IRP.pptx
byStevenTharp2
 
Week-3_Incident Response .pptx------------------
byAmirMohamedNabilSale
 
5 Steps to Improve Your Incident Response Plan
byResilient Systems
 
11-Incident Response, Risk Management Sample Question and Answer-24-06-2023.ppt
byabhichowdary16
 
IRTIRTIRTIRTIRTIRTIRTIRTIRTIRTIRTIRTIRTIRT.ppt
byabhimannyubanerjee
 
Incident response Process in information security .pptx
bySarwatDilawaiz
 
Ch5-Incident Response Management.pdfncident Response Management.
bySuhail Qadir Mir
 
chapter on Incident Response Management.
bySuhail Qadir Mir
 
Ch2-Incident Response Process.pptxIncident Response Process
bySuhail Qadir Mir
 
Incident Response Security
byssuser30902e
 
Incident ResponseAs a security professional, you will.docx
byMARRY7
 
Winchester Aquarium and Pet Center Incident Response Plan
byR. Curtis Roth
 
Latihan6 comp-forensic-bab5
bysabtolinux
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
byIGN MANTRA
 

More from EC-Council

PDF
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
byEC-Council
 
PPTX
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
byEC-Council
 
PDF
Cloud Security Architecture - a different approach
byEC-Council
 
PPTX
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
byEC-Council
 
PPTX
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
byEC-Council
 
PDF
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
byEC-Council
 
PPTX
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
byEC-Council
 
PPTX
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
byEC-Council
 
PDF
Weaponizing OSINT – Hacker Halted 2019 – Michael James
byEC-Council
 
PDF
War Game: Ransomware – Global CISO Forum 2019
byEC-Council
 
PDF
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
byEC-Council
 
PDF
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
byEC-Council
 
PPTX
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
byEC-Council
 
PDF
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
byEC-Council
 
PDF
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
byEC-Council
 
PDF
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
byEC-Council
 
PPTX
CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
byEC-Council
 
PPTX
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
byEC-Council
 
PPTX
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
byEC-Council
 
PPTX
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
byEC-Council
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
byEC-Council
 
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
byEC-Council
 
Cloud Security Architecture - a different approach
byEC-Council
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
byEC-Council
 
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
byEC-Council
 
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
byEC-Council
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
byEC-Council
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
byEC-Council
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
byEC-Council
 
War Game: Ransomware – Global CISO Forum 2019
byEC-Council
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
byEC-Council
 
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
byEC-Council
 
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
byEC-Council
 
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
byEC-Council
 
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
byEC-Council
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
byEC-Council
 
CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
byEC-Council
 
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
byEC-Council
 
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
byEC-Council
 
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
byEC-Council
 

Recently uploaded

PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
PDF
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PPTX
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
PPTX
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 

Phases of Incident Response

  • 1.
  • 2.
    AboutMe ● Zachery S.Mitcham ● 38 years of Information Security experience beginning as a U.S. Army Officer ● MSA-Administration, Certified CISO; Certified Computer Security Incident Handler; Graduate Certificate-Harvard University ● I am one of thirteen children ● Feel free to view my linkedin profile at: https://www.linkedin.com/in/zmitcham/
  • 3.
    Prerequisites There are noformal prerequisites for this class however you will benefit greatly by previewing the NIST 800 special publication 61 accessible at the following link: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800- 61r2.pdf
  • 4.
    Supplementary Materials We willuse NIST 800 sp 61 as the basis for our discussion. Again, you may download it at the following link: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-6 1r2.pdf
  • 5.
    Target Audience ● Thisclass is primarily intended for those that are in need of an informational overview on how to respond to information security incidents or have a responsibility for doing so. ● It will also assist with your preparation for a Computer Security Incident Handling certification
  • 6.
    Learning Objectives ❖ Uponcompletion of this class you will be able to: ➢ Identify the phases of incident response ➢ Create a Computer Security Incident Response Plan ➢ Identify composition of key personnel necessary to serve as incident responders. ❖ This class will cover the phases of incident handling and how each phase relates to responding to information security incidents.
  • 7.
    Definitions ❖ The missionof information security professionals is to safeguard the confidentiality, integrity and availability of data that is processed, stored and transmitted over a technological network whether it is at rest or in flight. ❖ Security Incident - any situation, condition, or circumstance whereby security control measures placed within information systems are circumvented. ❖ Computer Security Incident Response Team (CSIRT)- An organization or team that provides services and support to a defined constituency for preventing, handling, and responding to computer security incidents.
  • 8.
    Phases of IncidentResponse ❖Preparation ❖ Detection andAnalysis ❖ Containment, Eradication and Recovery ❖ Post IncidentActivity
  • 9.
    Incident Handling Activities Triage– the actions taken to categorize, prioritize, and assign events and incidents. Detecting and Reporting – the ability to receive and review event information, incident reports, and alerts. Analysis – the attempt to determine what has happened, what impact, threat, or damage resulted, and what recovery or mitigation steps should be followed. This can include characterizing new threats that may impact the infrastructure. Incident response – the actions taken to resolve or mitigate an incident, coordinate and disseminate information, and implement follow-up strategies to prevent the incident from happening again.
  • 10.
    Preparation Phase Adequate systems,resources and tools emplaced to respond to the incident Incident Response Plan development Incident Response Team Development Contact information for team members, War room, Evidence gathering
  • 11.
    Detection and AnalysisPhase Identification and assess magnitude of the threat (IDS/IPS, Security Information and Event Management (SIEM),A/V tools-System Center Configuration Manager(SCCM), system logs)
  • 12.
    Containment, Eradication andRecovery Prevention of threat propagation, remediation and operational or system restoration.
  • 13.
    Post Incident Activity PostMortem debriefing, Lessons Learned, Documentation and Reporting.
  • 14.
    Quiz What is thefirst phase of incident handling? A) Panic phase B) Priority Information Requirements phase C) Paranoia phase D) Preparation phase Answer D - The Preparation Phase-is the most important phase. Without it your response will be inadequate. Always remember to “Sweat more in training and bleed less in war!”
  • 15.
    Quiz What is Triage? A)Remediation of issues causing the incident B) Artifacts analysis C) Prioritizing events D) Reporting the incident to law enforcement Answer C - Prioritizing. Triage are the actions taken to categorize, prioritize, and assign events and incidents.
  • 16.
    Summary ● During thisclass, we discussed: ❖ The different phases of incident response and how each phase relates to responding to information security incidents ❖ Creation of a Computer Security Incident Response Plan ❖ Identification of key personnel necessary to serve as incident responders. ● Looking forward, our next class will cover the individual phases of incident response in depth