book

The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk

by N. K. McCarthy, Matthew Todd, Jeff Klaben

August 2012

Intermediate to advanced

528 pages

5h 39m

English

McGraw-Hill

Read now

Unlock full access

The Absence of PlanningKey ConceptsThe OODA LoopFog of WarFrictionCenter of GravityUnity of CommandMaintaining the InitiativeTactical, Operational, and Strategic PerspectivesRequirements-Driven ExecutionEnd StateMilitary Decision-Making ProcessA Plan Is Preparation ManifestedAnticipation: Objectives and RequirementsCollaboration: Socialization and NormalizationResearch: The Availability of Relevant InformationThe Ad Hoc Organization for Time of CrisisThe Value of Documentation
RegulationGramm-Leach-Bliley Act (Financial Services Modernization Act of 1999)The Health Insurance Portability and Accountability Act of 1996Sarbanes-Oxley Act of 2002State Breach RequirementsIndustry StandardsFederal/State EnforcementContractual EnforcementWhat Standards?ISO/IEC 27000 SeriesFFIECPCI DSSService Organization ControlsShared AssessmentsHow Do I Know that I’m Doing the Right Thing?Independent ReviewInternal AuditTabletop ExercisesHow Do I Keep It Up?COBITISO/IEC 27005 (Information Security Risk Management)ITILBringing It TogetherTop-Down ApprovalValuesPoliciesOwnershipProcedures and ControlsMeasurement and MonitoringEducationCalendar for Testing Processes and ControlsIndependent ReviewInternal Oversight

Proactively Using Plans During Period of Heightened RiskUnderstanding How Your ISOC WorksBuilding Relationships Outside of ITLeveraging Your CIRP to Develop Relationships with Law EnforcementUsing Plans to Augment Your Current ERM Efforts
What Problem Are You Solving?Don’t Bother if You Don’t Have an Executive SponsorUsing an Advisory Committee: My Plan vs. Our PlanUnderstanding Your AudiencesLeveraging the Table of ContentsPlan IntroductionIncident PreparationIncident Detection, Analysis, and DeclarationIncident ResponsePlan Maintenance/Post IncidentDevelopment of an Ad Hoc Organization to Respond to Crisis
ForewordPlan IntroductionPlan ObjectivePlan Scope and AssumptionsPlan Execution and Command TopologiesPlan StructureUpdating and SynchronizationIncident PreparationStatutory/Compliance FrameworkSensitive DataPCI Data Map (Encl 1) **RESTRICTED**ISOC Threat Portfolio (PCI) (Tab B) **RESTRICTED**PCI Log Data (Tab C)Third-Party (Payment) Connections (Tab D)Third-Party ServicesPCI Forensic Investigator (PFI)Identity Protection ServicesCompromise Notification FulfillmentSources of Precursors and IndicatorsIncident ThresholdsData ThresholdCompromise ThresholdIncident AnalysisTechnical ImpactBusiness ImpactIncident CategoriesPriority 1Priority 2Non-Actionable/InformationalIncident DeclarationIncident Notification and MobilizationIncident Documentation
Plan ExecutionOrganization and RolesProcess and RhythmSynchronization and Decision-MakingStatus ReportsMandatory Reporting/Notification(s)Payment Card Industry Data Security Standard (PCI DSS)Release of “Public-Facing Documents”Draft/Approve/Release ProcessPublic-Facing Documents ParticipantsEvidence Discovery and RetentionCriminal ProsecutionCivil LitigationManaging EvidenceLiaison with Local Law EnforcementXYZ Loss Prevention (LE Liaison)Law Enforcement Points of Contact (POC) (Tab I)Incident Containment, Eradication, and RecoveryThe XYZ (Data Compromise) CIRP SWAT TeamContainmentEradication and RecoveryRemediationCompensating ControlsDisaster Recovery/Business ContinuityCIRP Roles and ResponsibilitiesHuman Resources
Post-Incident ActivityIncident TerminationPlan MaintenanceOverviewRegular UpdatesVerification/Updates of Perishable DataAnnual Testing of the Plan
ForewordPlan IntroductionPlan ObjectivePlan Execution and Command TopologiesPlan OwnershipSupporting DocumentationIncident PreparationIsolation Points within the XYZ EnterpriseBusiness Impact Overlay of Isolation PointsISOC Threat PortfolioThird-Party Support ServicesPCI Forensics Investigator (PFI)BXD LongSight Threat Management SystemIncident Detection, Analysis, and DeclarationSources of Precursors and IndicatorsISOC Monitoring FeedsField Services Responding to Malware CallsNOC, Service Desk, and Other Internal Sources of DetectionIncident ThresholdIncident AnalysisTechnical ImpactBusiness ImpactIncident DeclarationIncident Notification and MobilizationIncident Documentation
Plan ExecutionOrganization and RolesOperational SequencingOperational PrioritiesOperational ResourcesSynchronization and Decision Making
Incident TerminationCriteria for Terminating an IncidentPlan MaintenanceOverviewQuarterly UpdatesAnnual Testing of the Plan
New Age for InfoSec ProfessionalsParadigm #1: The New Consciousness of the Zero-Day AttackParadigm #2: The Need for Transparent Due DiligenceParadigm #3: Consequence-Based Information SecurityParadigm #4: The Constant Challenge of ChangeParadigm #5: While We’re All Focusing on the Silicon-Based Systems, the Bad Guys Are Targeting the Carbon-Based Ones

Overview

Uncertainty and risk, meet planning and action.

Reinforce your organization’s security posture using the expert information contained in this tactical guide. The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk shows you how to build and manage successful response plans for the cyber incidents that have become inevitable for organizations of any size. Find out why these plans work. Learn the step-by-step process for developing and managing plans built to address the wide range of issues organizations face in times of crisis.

Contains the essentials for developing both data breach and malware outbreak response plans—and best practices for maintaining those plans
Features ready-to-implement CIRPs—derived from living incident response plans that have survived the rigors of repeated execution and numerous audits
Clearly explains how to minimize the risk of post-event litigation, brand impact, fines and penalties—and how to protect shareholder value
Supports corporate compliance with industry standards and requirements, including PCI, HIPAA, SOX, and CA SB-24

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

How to Develop and Implement a Security Master Plan

Publisher Resources

ISBN: 9780071790390

The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk

by N. K. McCarthy, Matthew Todd, Jeff Klaben

Overview

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

How to Develop and Implement a Security Master Plan

How I Built a Personal Board of Directors With GenAI

Managing Risk in Information Systems, 3rd Edition

Data Breach Preparation and Response

Publisher Resources

Overview

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

How to Develop and Implement a Security Master Plan

How I Built a Personal Board of Directors With GenAI

Managing Risk in Information Systems, 3rd Edition

Data Breach Preparation and Response

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.