Presentation Template:
‘Incident Response (IR) Reporting for management’

What is the ‘IR for management’ Presentation Template?

You are accountable for cyber security at your company. Sooner or later you will experience a security incident and run an IR process to detect, contain and recover. An important part of that process is reporting to your management, both during the response itself and after its conclusion. They are not necessarily security professionals, but they need full visibility into the event and the risk it poses to the business.

The ‘Incident Response (IR) for Management’ presentation template lets you deliver clear and concise reporting on the incident’s status, nature and scope, and on the overall IR process.
What is the ‘IR for management’ Presentation Template? (continued)

The template provides a concise reporting tool for each IR stage, with a high-level status description and a business-risk overview.

The template is deliberately modular, so you can tailor it to the specific incident you are managing.
What does the Template Include?

IDENTIFICATION
• Threat and Risk: what the threat type is, how it was detected and what the potential risk is
• Onward steps: who the case manager is, what the investigation directions are, the budget request and the estimated timeline

CONTAINMENT
• Root cause, scope, current status and onward steps

ERADICATION
• Interim: current status and onward steps
• Final: all removed threats, the estimated attack objective and how far it succeeded

RECOVERY
• All affected entities and their back-to-production rate

LESSONS LEARNED
• Overall damage, what enabled the attack, and reflection on the previous IR process stages
How to Use the Template?

• The template is built from tables that you fill in for your specific case.
• You are free to split the parts into separate sessions according to the incident type and severity. For example, a long investigation might justify several containment/eradication sessions, while a short three-day investigation may be covered in one session from identification to lessons learned.
• There are a few places with free text. Be as concise as possible.
• This copy includes demo data for reference. Before you actually use it, make sure all tables are blank and the demo data has been removed.
• Remember this is just a template. Feel free to adjust it, add tables or leave tables unused. You are the one who knows what is right for your organization and environment.
Identification – Threat and Risk

INCIDENT INVESTIGATION (tick each attack stage observed so far; demo data shown)
Stage                | Threat | Details
Compromise           | V      | SaaS account was compromised
Privilege Escalation |        |
Credential Theft     |        |
Lateral Movement     |        | Pass the Ticket
Data Access          |        | XXX server was accessed
Data Exfiltration    |        |

THREAT DETECTION (demo data shown)
Source  | In-house: Security Product Alert | In-house: Security team proactive          | 3rd party
Details | EDR raised a                     | Analyst spotted anomalous outbound traffic | FBI notification

POTENTIAL RISK
Free text, according to the incident type.
Example: Detected lateral movement might indicate an active malicious presence in the environment as well as further compromised assets.
Identification – Onward Steps

CASE MANAGEMENT (demo placeholders shown)
             | In-House | IR Service Provider
Case Manager | jjh      | kkl

DEDICATED BUDGET
Purpose | Sum
        |

INVESTIGATION DIRECTIONS
Free text, according to the incident type.
Example:
• Check whether the compromised account has accessed sensitive resources
• Examine outbound communication from the infected endpoints
• etc.

ESTIMATED TIMELINE
Containment

ROOT CAUSE (tick the applicable cause; demo data shown)
Weaponized email   | v
Malicious website  | x
Stolen credentials |
Insider            |

SCOPE AND ACTIONS TAKEN (demo data shown)
                                    | Scope | Actions Taken
Number of compromised endpoints     | 2     | Take offline
Number of compromised servers       | 3     | Take offline
Number of compromised user accounts | 5     | Disable & reset password
Number of encrypted endpoints       |       | Reimage
Number of encrypted servers         |       | Reimage

Current Status: all discovered compromised entities are mitigated
Next Steps: investigate the attack’s scope
Eradication – Interim

INTERIM STATUS (demo data shown)
                        | Mass Ransomware         | Malware       | Compromised User Accounts        | Malicious Outbound Traffic
Malicious Activity Type | XXX endpoints encrypted | XXX instances | XXX accounts                     | XXX sessions to XXX addresses
Status                  | 54% back in production  | 92% removed   | 100% disabled and password reset | 100% blocked

NEXT STEPS
                        | Mass Ransomware         | Malware       | Compromised User Accounts        | Malicious Outbound Traffic
Malicious Activity Type | XXX endpoints encrypted | XXX instances | XXX accounts                     | XXX sessions to XXX addresses
Status                  | Continue reimaging      |               |                                  |
Eradication – Final

MALICIOUS INFRASTRUCTURE & ACTIVITY REMOVED (demo data shown)
                        | Mass Ransomware         | Malware       | Compromised User Accounts | Malicious Outbound Traffic
Malicious Activity Type | XXX endpoints encrypted | XXX instances | XXX accounts              | XXX sessions to XXX addresses
Status                  | 100% reimaged           | 100% removed  | 100% reset                | 100% blocked

ESTIMATED ATTACK OBJECTIVE
                               | Details          | Attack Success Rate
Data Theft                     | Insert info here | Insert info here
Extortion                      |                  |
Cryptomining                   |                  |
Banking Credentials Harvesting |                  |
Sabotage                       |                  |
Other (specify)                |                  |
Recovery

                | Disabled / Unavailable | Back to Production
Endpoints       | Insert info here       | Insert info here
Servers         |                        |
Apps            |                        |
Cloud workloads |                        |
User accounts   |                        |
Data            |                        |
Lessons Learned

OVERALL ATTACK IMPACT
                                     | Damage           | Details
Man hours                            | Insert info here | Insert info here
Payment to 3rd party                 |                  |
Data loss                            |                  |
Computing charges for cloud provider |                  |
Production downtime                  |                  |
Fines (per respective regulation)    |                  |

Attack Enablers                        | Recommendations
Lack of sufficient security technology | Implement EDR / Deception / UBA / Network Analytics / XDR / other
Insecure user behaviour                | Train users on security best practices
Other (specify)                        | Implement EDR / Deception / UBA / Network Analytics / XDR / other
Lessons Learned (continued)

FINAL ATTACK TIMELINE
Initial Compromise date: Insert date here

                 | Initial Compromise > Identification | Identification > Containment | Containment > Eradication | Eradication > Recovery
Time to conclude | Insert time here                    |                              |                           |

                    | Identification | Containment | Eradication | Recovery
POINTS TO REPRODUCE |                |             |             |
POINTS TO IMPROVE   |                |             |             |
  Challenge         |                |             |             |
  Recommendation    |                |             |             |
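The Eradication, Recovery and Final Attack Timeline tables above all ask for derived figures: the share of each malicious activity type already remediated, how many entities of each kind are still unavailable, and the elapsed time between stages. Recomputing those by hand before every management session is where reporting errors creep in. The script below is an added example, not part of the template; it derives those figures from an incident tracker. The asset names, stage timestamps and tracker layout are constructed for the demo and are not real data; it also rejects a stage dated before its predecessor instead of reporting a negative dwell time.

```python
# Added example (not part of the template): derive the figures the
# Eradication, Recovery and Final Attack Timeline tables ask for from an
# incident tracker, instead of computing them by hand before each session.
from dataclasses import dataclass
from datetime import datetime, timedelta

# Stage order used by the template's Final Attack Timeline slide.
STAGES = ["Initial Compromise", "Identification", "Containment",
          "Eradication", "Recovery"]


@dataclass(frozen=True)
class Asset:
    name: str                 # hypothetical identifier
    kind: str                 # Recovery-table row: Endpoints, Servers, User accounts, ...
    issue: str                # Eradication-table column: Mass Ransomware, Malware, ...
    remediated: bool          # reimaged / removed / reset / blocked
    back_in_production: bool  # counts towards the Recovery table


# Constructed sample tracker with hypothetical asset names; not real data.
TRACKER = [
    Asset("ws-001", "Endpoints", "Mass Ransomware", True, True),
    Asset("ws-002", "Endpoints", "Mass Ransomware", True, False),
    Asset("ws-003", "Endpoints", "Mass Ransomware", False, False),
    Asset("ws-004", "Endpoints", "Mass Ransomware", False, False),
    Asset("srv-db-01", "Servers", "Malware", True, True),
    Asset("srv-web-01", "Servers", "Malware", True, False),
    Asset("j.doe", "User accounts", "Compromised User Accounts", True, True),
    Asset("a.roe", "User accounts", "Compromised User Accounts", True, True),
]

# Constructed stage timestamps for the same demo incident.
TIMESTAMPS = {
    "Initial Compromise": datetime(2023, 3, 1, 9, 0),
    "Identification": datetime(2023, 3, 4, 14, 30),
    "Containment": datetime(2023, 3, 4, 20, 0),
    "Eradication": datetime(2023, 3, 7, 12, 0),
    "Recovery": datetime(2023, 3, 10, 18, 0),
}


def pct(part: int, whole: int) -> int:
    """Whole-number percentage; an empty category reports 0 instead of dividing by zero."""
    return 0 if whole == 0 else round(100 * part / whole)


def eradication_status(assets):
    """Eradication table: {issue: (instances, % remediated)}."""
    counts = {}
    for a in assets:
        total, done = counts.get(a.issue, (0, 0))
        counts[a.issue] = (total + 1, done + int(a.remediated))
    return {issue: (n, pct(done, n)) for issue, (n, done) in counts.items()}


def recovery_status(assets):
    """Recovery table: {kind: (still unavailable, % back to production)}."""
    counts = {}
    for a in assets:
        total, up = counts.get(a.kind, (0, 0))
        counts[a.kind] = (total + 1, up + int(a.back_in_production))
    return {kind: (n - up, pct(up, n)) for kind, (n, up) in counts.items()}


def phase_durations(timestamps):
    """Final Attack Timeline: duration of each consecutive stage pair.

    A stage recorded earlier than its predecessor is a data-entry error
    (or a mis-dated log source) and is rejected rather than reported as a
    negative or silently clamped dwell time.
    """
    durations = {}
    for earlier, later in zip(STAGES, STAGES[1:]):
        delta = timestamps[later] - timestamps[earlier]
        if delta < timedelta(0):
            raise ValueError(f"{later} is dated before {earlier}; fix the tracker")
        durations[f"{earlier} > {later}"] = delta
    return durations


def time_to_conclude(timestamps):
    """Elapsed time from initial compromise to recovery."""
    return timestamps[STAGES[-1]] - timestamps[STAGES[0]]


if __name__ == "__main__":
    for issue, (n, p) in eradication_status(TRACKER).items():
        print(f"{issue}: {n} instances, {p}% remediated")
    for kind, (down, p) in recovery_status(TRACKER).items():
        print(f"{kind}: {down} still unavailable, {p}% back in production")
    for span, delta in phase_durations(TIMESTAMPS).items():
        print(f"{span}: {delta}")
    print(f"Time to conclude: {time_to_conclude(TIMESTAMPS)}")
```

Keep the tracker as the single source for both the interim and the final eradication session: the same function produces the 54%/92% figures mid-incident and the 100% row at the end, so the numbers presented to management are consistent across sessions.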
