#33 - 10 Steps to Cyber Incident Response Playbooks

On this episode of CISO Tradecraft, you can learn the 10 steps to Incident Response Planning:

Establish a Cyber Incident Response Team
Develop a 24/7 Contact list for Response Personnel
Compile Key Documentation of Business-Critical Networks and Systems
Identify Response Partners and Establish Mutual Assistance Agreements
Develop Technical Response Procedures for Incident Handling that your team can follow:
External Media - An alert identifies someone plugged in a removable USB or external device 
Attrition - An alert identifies brute force techniques to compromise systems, networks, or applications.  (Examples Attackers trying thousands of passwords on login pages)
Web - A Web Application Firewall alert shows attacks carried out against your website or web-based application
Email - A user reports phishing attacks with a malicious link or attachment
Impersonation - An attack that inserts malicious processes into something benign (example Rogue Access Point found on company property)
Improper Usage - Attack stemming from user violation of the IT policies.  (Example employee installs file sharing software on a company laptop) 
Physical Loss- Loss or theft of a physical device (Example employee loses their luggage containing a company laptop)

Classify the Severity of the Cyber Incident
Develop Strategic Communication Procedures
Develop Legal Response Procedures
Obtain CEO or Senior Executive Buy-In and Sign-off
Exercise the Plan, Train Staff, and Update the Plan Regularly

To learn more about Incident Response Planning, CISO Tradecraft recommends reading this helpful document from the American Public Power Association

If you would like to automate security reviews of infrastructure-as-code, then please check out Indeni CloudRail Link