#33 - 10 Steps to Cyber Incident Response Playbooks

On this episode of CISO Tradecraft, you can learn the 10 steps to Incident Response Planning:

1. Establish a Cyber Incident Response Team
2. Develop a 24/7 Contact list for Response Personnel
3. Compile Key Documentation of Business-Critical Networks and Systems
4. Identify Response Partners and Establish Mutual Assistance Agreements
5. Develop Technical Response Procedures for Incident Handling that your team can follow:
   • External Media - An alert identifies someone plugged in a removable USB or external device 
   • Attrition - An alert identifies brute force techniques to compromise systems, networks, or applications.  (Examples Attackers trying thousands of passwords on login pages)
   • Web - A Web Application Firewall alert shows attacks carried out against your website or web-based application
   • Email - A user reports phishing attacks with a malicious link or attachment
   • Impersonation - An attack that inserts malicious processes into something benign (example Rogue Access Point found on company property)
   • Improper Usage - Attack stemming from user violation of the IT policies.  (Example employee installs file sharing software on a company laptop) 
   • Physical Loss- Loss or theft of a physical device (Example employee loses their luggage containing a company laptop)
6. Classify the Severity of the Cyber Incident
7. Develop Strategic Communication Procedures
8. Develop Legal Response Procedures
9. Obtain CEO or Senior Executive Buy-In and Sign-off
10. Exercise the Plan, Train Staff, and Update the Plan Regularly

To learn more about Incident Response Planning, CISO Tradecraft recommends reading this helpful document from the American Public Power Association

If you would like to automate security reviews of infrastructure-as-code, then please check out Indeni CloudRail Link