Day 5 – CISM Boot Camp
Incident Response & Management - Response, React, Recover
(Corresponds to Domain 5 of the CISM exam – 14%)

Description

The objective of a viable incident management strategy is to counteract interruptions to business activities, to protect critical business processes from the effects of major failures of information systems or disasters, and to ensure the timely resumption of these critical processes. A workable incident response process must be established to minimize the impact on the organization and recover from loss of information assets, to an acceptable level, through a combination of preventive and recovery controls. It is essential that a managed process be developed and maintained for business continuity throughout the organization that addresses the information security requirements critical for sustaining the organization’s ongoing business mission. This session addresses the processes and procedures vital to establishing the critical and required elements of an organization-wide information incident management plan.

Prerequisites

The participant should have at least three years of IT audit experience or equivalent knowledge, and be familiar with terminology, approaches, methodologies, and techniques to audit the IT environment. Managerial experience will be helpful, but not necessary for this course.

Learning Objectives

After completing this session, the participant will be able to:

1. Identify the essential elements of a disaster recovery plan (DRP), business continuity plan (BCP), and incident management plan (IMP).
2. Define and assist in developing practices, policies and procedures for information security incident management.
3. Participate in validating the effectiveness of DRP/BCP/IMP.
4. Identify containment methods applicable to effective incident response planning.
5. Develop incident notification and escalation processes as part of a viable incident response plan.
6. Establish methods and means for critical and essential crisis communications.
7. Establish basic requirements for equipping incident response teams.
8. Document the incident response process.
9. Establish post-incident review practices and investigative methods.
10. Prepare damage estimations, assisting in quantifying an incident’s business impact.
11. Recognize and use appropriate incident management metrics.

Session Outline:

1. What is Incident Management?
   · Types of Incidents
   · Incident Indicators
2. What is an Incident?
   · The Objectives of Incident Management
3. What is Incident Response?
   · Goals of Incident Response
   · The Objectives of Incident Response
   · Benefits Of Having An Incident Response Capability
   · Compliance with laws, regulations, and policy
   · Incident Response and data loss prevention
   · Incident Management Challenges
4. What is Business Continuity Management?
   · Objective of Business Continuity Management
   · Incident Response Plan (IRP)
   · Business Impact Assessment (BIA)
   · Key Business Recovery Objectives
   · What Is Incident Handling?
5. Risk in Incident Response
   · IR Risk Management
6. Incident Response Organization Services
   · Enterprise Response, Analysis and Discovery (ERAD)
   · Policies Governing Incident Response
   · What Services Does The Incident Response Team Provide?
7. Incident Response Planning
   · Intrusion Detection System (Host- and Network-based)
8. Achieving the Objectives of Incident Response
9. Components of an Effective, A Good Incident Management System
10. Metrics for IR
   · Recovery Time Granularity (RTG)
   · Recovery Object Granularity (ROG)
   · Recovery Event Granularity (REG)
   · Recovery Consistency Characteristics (RCC)
   · Recovery Location Scope (RLS)
   · Recovery Service Scalability (RSS)
   · Maintenance Point Objective (MPO)
   · Total Cost of Recovery (TCR)
   · Annualized Loss Expectancy (ALE)
11. Performance Measurements for IR
12. Six Steps to Handling An Incident Most Effectively
   · Choosing a Containment Strategy
13. Evidence Gathering and Handling
14. Incident Management Deployment Phases
15. Summary

Audience Participation Activities

Attendees will be encouraged to actively participate in responding to questions posed regarding the subject matter presented. Several example “practice exams” will be given through the Boot Camp program to assist the participant in reinforcing the classroom learning experience.

Additional Resources To Be Provided (a.k.a. Take-aways)

Attendees will be provided with several articles written by the presenter on the subject and several industry whitepapers addressing the presentation topic.