Chapter 15: Mitigating Risk with a Computer Incident Response Team
What is a Computer Incident Response Team Plan?
Incidents
Unauthorized Access
Inappropriate Usage
Malicious code
Multiple Component
DoS attack
Elements of a CIRT Plan
CIRT Members
Model
Central
Distributed
Roles
Team Leader
Information Security Members
Network Administrators
Physical Security
Legal
Human Resources
Communications
Responsibilities
Determining the cause of incidents
Recommending controls to prevent future incidents
Investigating incidents
Protecting collected evidence
Developing incident response procedures
Using a chain of custody
Accountability
CIRT Policies
Incident Handling Process
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Postincident Recovery
Communication Escalation Procedures
Incident Handling Procedures
Best Practices
Providing training
Including checklists
Including policies in the CIRT plan to guide CIRT members
Subscribing to security notifications
Defining a computer security incident