67 min listen
2021-029- incident response, PICERL cycle, showing value in IR, aligning with business goals -p1
2021-029- incident response, PICERL cycle, showing value in IR, aligning with business goals -p1
ratings:
Length:
40 minutes
Released:
Aug 15, 2021
Format:
Podcast episode
Description
https://blog.teamascend.com/6-phases-of-incident-response https://www.securitymetrics.com/blog/6-phases-incident-response-plan Recent vulnerabilities got Bryan thinking about incident response. Are organizations speedy enough to keep up? If the spate of vulns continue, what can we do to ensure we are dealing with the most important issues? How do we communicate those issues to management? How should we handle the workload? Testing of your IR costs money, do you have budget for that? (verodin, red-team) Restoring backups, extra VPC or azure environment Incidents occur You have to minimize issues, right? But is there a good way of doing that? Simplify your environment? Spend time working on the CIS 20? You gotta plan for that and show value vs effort. Incident response is an ever changing landscape. What is the goal of IR? Minimize damage Identify affected systems Recover gracefully and quickly? Does your environment allow for quick recovery? What does ‘return to normal’ look like? The goal of business Make money Incidents should just be considered part of doing business (risks) The more popular, the more likely the attack Incident timeframe = criteria for getting back to normal. PICERL is a cycle, and one of continual improvement. Incident response is not ‘one and done’.
Released:
Aug 15, 2021
Format:
Podcast episode
Titles in the series (100)
2017-042-Jay beale, Hushcon, Apple 0Day, and BsidesWLG audio: Ms. Berlin and Mr. Boettcher are on holiday this week, and I (Bryan) went to Hushcon (www.hushcon.com) last week (8-9 Dec 2017). Lots of excellent discussion and talks. While there, our friend Jay Beale (@jaybeale) came on to discuss Hushcon, as well... by BrakeSec Education Podcast