Mitigation Steps of an Incident Response Plan

Power Off: Make sure you segment and power down the machine in question. Don’t forget to unplug the Ethernet cable. Note that some information security professionals would argue that powering off the machine is the opposite of what you should do. It really depends on who is responding to the threat. A trained infosec professional should not power off the machine, as they have an actual grounding in threat intelligence and may be able to identify the potential incident from the machine’s short-term (volatile) memory, which is lost when power is cut. But your front-line workers shouldn’t have to shoulder that burden of criticality. The best bet is to have them take action to mitigate the spread and prevent further damage.
Don’t Delete: This is the hardest rule to follow because it goes against your instinct. If you delete the file that you believe is malicious, you will delete the trail that allows a forensic investigator to determine the root cause of the incident. This could have massive ramifications in a legal situation such as a lawsuit or insurance claim. Segment and isolate the machine and power it down.

Your marketing folks should have a “break glass in case of emergency” kit ready to go in the event of a cybersecurity incident. It should include the following elements.
Social Media Posts: Communicate your knowledge of the issue and your intent to investigate and protect.
Email to Customers: Draft a message that informs your customers and supply chain of the incident.
Email to Employees: Draft a message to send to employees before the mass communication goes out.
Email to Shareholders: Draft a message to inform shareholders, if applicable.
Communications Schedule: Create a schedule of how often your team is going to update and follow up with the customers and supply chain network moving forward.
Call to Action: Set down the call to action and back away. You don’t need your customer base to do anything other than be aware and be vigilant.
