Tag: IR

5 min read

Cybersecurity Incident Response - Basics and How to get Started

Today I want to start off by sharing a few things that I have been researching for a while. I have had a lot of curiosity about incident response: I want to understand how it works, what is expected from an IR team, and much more. For the last few days, I have also been asking my new friend ChatGPT about it so that I can get some of the answers and learn about the things that go on during an Incident Response engagement.

9 min read

Cybersecurity Incident Response - Detection and Analysis (Tools and Indications)

I consider it a good idea to start with a quick overview or list of attack vectors before we dive right into what goes into the Detection and Analysis phase. Companies should be able to prepare and have plans around common attack vectors and what to do in those cases. We went over that in our previous post, but this time, as a refresher, here is a non-exhaustive list of common attack vectors:

7 min read

Cybersecurity Incident Response - Preparation

I want to take the opportunity to break down what goes into the preparation for incident response and what things could look like from the perspective of an infosec professional. Going back to NIST, there are a few things that are considered part of a well-defined IR plan:

- Creating an IR policy and plan, and deciding what tools will be used for performing incident handling and reporting.
- A determined team structure: who are the players? Lead engineers? Who is in charge of collecting forensic data? What happens during the eradication and recovery phases, and who is in charge? Should these functions be assigned to a team or an individual?
- A well-described line of communication between teams, and between the technical and executive teams (yeah, executives need to be involved).