The exercise shared in the Incident Response and Network Forensics section provided an incredible experience for anyone new to the field of incident response. It reinforces the idea that incident response follows a cyclical pattern. The pattern begins with preparation: using a documented incident response plan, identifying specific team members who are trained, and ensuring these team members practice performing the steps outlined in the plan. These are critical points, as many organizations have discovered: not having an incident response plan (IRP) allows panic to quickly impact the ability to maintain a proper chain of custody of any relevant evidence, to identify the specific causes of incidents, and to prosecute wrongdoers in order to deter future malicious acts. As a cyber security professional, I must ensure an incident plan is in place, and that employees are capable of identifying and reporting events to be validated by trained staff. This is fundamentally one of the most important aspects of being a cyber security professional, because incidents WILL happen. As is often said, it is not a case of if, but when.
If I fail in my most sacred duty as a cyber security professional to provide an IRP and to become familiar with the tools and processes within that plan, then I am working in an unethical manner, because it makes containing an incident and protecting the rest of the organization an uphill battle. This is, unfortunately, a story I have read about too many times in my professional career, as numerous organizations have suffered the panic and deterioration of efforts to contain and eradicate an attack effectively due to the fact that they were not properly prepared to respond to incidents.
The result is a complicated recovery process which costs organizations more money and time, and causes further loss of reputation. Another important component of the incident response plan cycle is to ensure that at the end of the incident there is a lessons learned phase. During this phase, all the things that went wrong and right have to be written into existing documentation or used to create any missing documentation, to ensure that when calamity strikes again, organizations are ready. These aspects of our job are where many cyber security professionals "earn their keep," as we are expected to be experienced at performing and acting under pressure. This is only made possible with a detailed plan which is practiced and followed. We must respond professionally and act ethically, which means we must practice our "fire drills" to ensure we can be the leaders with answers when an incident strikes. Familiarizing myself with the process, tools, and procedures by performing a mock exercise was a great way to reiterate these concepts, and I hope it finds use among my cyber security peers.