Incident Response and Computer Network Forensics
For an organization, building out an incident response program is a key component of establishing a level of cyber resiliency that ensures the capabilities exist to bounce back from a security event, incident, and/or breach. The key to a successful incident response function is to build the program with the business in mind:
- anchor policies, plans, and procedures to an industry standard or framework (e.g., NIST, ISO)
- ensure there's sufficient awareness and education for all impacted users
- build out an internal security incident response team (SIRT), and test the process with tabletop exercises
- ensure the proper controls are in place to detect (and respond to) behavior in the environment that is anomalous or atypical
- bake in funding for retainers of specialized skill sets in the event of a critical situation (e.g., a Cyber Incident Forensics and Response (CIFR) team)
Capstone Updated - Computer Forensic Examination Report