Am I Vulnerable? Am I Compromised? Am I Optimized?
• The most used penetration testing tool
• Global Honeypot Network
• Internet-wide scans
• Team of security researchers
Drafting the Plan
Get in the IR Plan Mindset
1. Get the right people involved.
2. Assess current state & current visibility.
3. Be realistic about talent & expected range of attacks.
Incident Response Plan Flow
Key Items in an Incident Response Plan
1. Key Contacts (+ external)
2. Roles & Responsibilities
3. Incident & Event Response Flows
• Plan from Alert -> Response
• Remember After Action Review!
4. Communications Plan
5. Legal, Compliance, Chain of Custody Considerations
Reviewing the Plan
Review: Things to Consider
1. Evaluate your tech stack and what is being monitored today.
[Figure labels: Existing Security Solutions, Alerts, and Events; Remote Endpoints; Applications; Enterprise Cloud Apps]
2. How does this translate to detection across an attack chain?
Steps in an Internal Attack Chain