Incident Response
Definition of Incident Response
Incident response encompasses event triage, analysis, stakeholder communication, and remediation support once a security incident has been detected or reported.
Assistant / Associate:
Follow the documented process for well-understood, routine incident types
Shadow senior analysts handling critical incidents
Suggest improvements to the incident response process
Senior Associate / Professional:
Manage and update playbooks for incident handling
Lead incident response on critical incidents
Senior Professional / Principal:
Define new processes and build relationships with key partners involved in incident response
Train junior incident handlers on the incident handling process
How to Develop Incident Response
Training Courses:
· SANS SEC504 – Hacker Tools, Techniques, Exploits, and Incident Handling
· SANS FOR572 – Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
Online Videos:
· https://www.youtube.com/watch?v=76fuTjzuiLg
· https://www.youtube.com/watch?v=Zog1WipbE9c
· https://www.youtube.com/watch?v=eeQ2WpdvG0g
Experiences:
· Learn to have the appropriate level of concern and urgency when dealing with incidents of varying severity.
How to Demonstrate Incident Response
DO: Describe what you did in completing / achieving your development plan
ASSESS: Share, if applicable, any assessments that were taken / provided related to your activities
· Review trends in incidents over time
LEARN: Explain what you learned during your journey / experiences
· How will you be a better incident responder in the future?
APPLY: Give specific examples where you have applied / plan to apply this directly to your work
REFLECT: Review / consider things you would have done differently had you had this experience earlier