Incidents Happen! Management in a BYOD Environment
Presented to: CENIC Conference
March 22, 2017
The Naval Postgraduate School
Graduate School of Operational and Information Sciences
Graduate School of Engineering and Applied Sciences
Graduate School of Business and Public Policy
School of International Graduate Studies
Enrollment: 2,600 students representing 40 countries
Mission
To provide technology and communications support for the NPS core mission of teaching, research, and service to the Navy and Department of Defense.
To provide voice, video, and data infrastructure as mission crucial enablers of innovation and experimentation within the educational enterprise.
Incident Handling in a BYOD Environment
Network Upgrade
• Every router and switch at NPS upgraded
• Edge router now connected to CENIC at 100GigE
• Core and BDFs upgraded to 160GigE and 80GigE, respectively
• Select edge ports connected with 20GigE
– High Performance Computing
– Select research labs
• NPS Network
– Allows NPS to take full advantage of the 100GigE CENIC backbone
– Supports high-speed switch fabrics
– Provides the backbone infrastructure for Software Defined Networking
NPS Wireless
• New Ruckus network has 360 Access Points with faster 802.11AC radios
• Replaced ~200 old APs from various technologies
• Improved campus coverage, including strategic outdoor locations, with faster speeds
• New onboarding features with simplified administration options
Educational Technologies
• Labs/Classrooms
– 141 classrooms/labs/conference rooms
• 87 classrooms
• 13 labs
• 5 auditoria
• 7 VTE suites
• 17 conference rooms
– Classrooms include:
• Audio visual equipment: projectors and audio equipment
• Faculty podium: desktop computer with access
High Performance Computing
“Hamming” Supercomputer
• Over 100 servers in 8 cabinets;
• Over 4,600 CPU “cores” tied together by a fast network;
• Over 3 Petabytes of disk storage (= 3,000 Terabytes);
• Scientific computation (number-crunching): weather/ice forecasting, turbopropulsion models, earthquake prediction;
• “Big Data”: searching for text and imagery in huge datasets; think of “Google Search” applied to DoD interests. $1M grant in FY15 for hardware procurement;
• Used for teaching as well as research;
• Instrumental in recruiting faculty;
• 100 Gigabit/s network: will allow us to move large datasets in and out, to and from collaborators.
Cloud Initiatives
• MS Office 365:
– Exchange Online
– Sharepoint Online
– Skype for Business
• Box storage
– Unlimited file storage
• Amazon Web Services
– Infrastructure-as-a-Service
– ITACS backups, web development and operations
Incident Handling
Naval Postgraduate School

Cybersecurity Organization
DLI Cybersecurity Team
Compliance - Prevention - Detection - Response
Internal & External Monitoring, Audit & Reporting
Organization chart (roles as listed on the slide):
• Director of Cybersecurity
• SOC Manager
• Sr. Incident Handler; Jr. Incident Handler
• Sr. Cyber Analysts: End Point Protection; Scanning / Compliance; and a third Sr. Cyber Analyst
• Jr. Cyber Analysts (three positions)
• ISSM – DREN & Higher; ISSM - EDU
• CS Plans / Projects
• Director
• Related commands and offices: NCIS | SSO/Security Manager | Command IG | IT Task Force
• FLTCYBERCOM | NCDOC | HPCMP CND | SPAWAR CA
Technology
Function              Device
SIEM                  AlienVault
Firewall              PA-7050
IDS [1]               HPCMP, NCDOC, Snort
Network Access        802.1x, SafeConnect
A/V                   SEP, PA-7050, Wildfire
Web                   PA-7050
Mail                  Barracuda
Scanning              ACAS (Nessus), Netsparker
Endpoint management   LANDESK / WSUS / Puppet
EMM [2]               Airwatch
2FA [2]               Duo Security
[1] Both the High Performance Computing Management Program Office and Navy Cyber Defense Operations Command have sensors on the NPS EDU Network; additionally NPS contracts for internal CND services that use Snort.
[2] Pending deployment
Processes
• Documentation of incident handling / response standard operating procedures.
• Templates and workflow / task management of incident handling actions.
• Real-time collaboration between team members during significant cyber events.
Incident Handling - the Basics
• Step by step Incident Handling (IH) process
• Quick reference for IH personnel to perform duties
• Template / Automate as much as possible
• Historical record
– Document, document, document
– Have we seen something similar before?
– Did the adversary modify their TTPs?
• Facilitate reporting and trend analysis
A Few More Basics
• Handlers should have as much access as required to take immediate action
– Remove phish / spearphish from user’s inbox
– Blacklist IP and / or Domain
– Disable account
– Block device from accessing network
• But know contact info for technical SMEs if required
– Email
– DNS
– Firewall
– Routers
Incident Handling Step-by-Step
1. Identify
2. Contain
3. Neutralize
4. Recover / Report
5. Document / Assess
(Source: NIST SP 800-61 Rev 2)
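The five steps above, together with the template, historical-record and trend-analysis points from the basics slides, can be expressed as a small ticket model. The following Python is an added example written for this page; it is not NPS code and not JIRA. The per-phase checklist is assumed (only the Contain actions come from the "A Few More Basics" slide), and the ticket keys, indicators, TTP labels and dates are constructed.

```python
from collections import Counter
from dataclasses import dataclass, field
from datetime import date

# Phases as listed on the slide, following the NIST SP 800-61 Rev 2 lifecycle.
PHASES = ("Identify", "Contain", "Neutralize", "Recover / Report", "Document / Assess")

# Per-phase checklist template (hypothetical). The Contain items are the
# actions from the deck's "A Few More Basics" slide; the rest are assumed.
TEMPLATE = {
    "Identify": ["confirm report / alert", "scope affected users and devices"],
    "Contain": ["remove phish from inboxes", "blacklist IP / domain",
                "disable account", "block device from network"],
    "Neutralize": ["remove malicious artifacts", "reset credentials"],
    "Recover / Report": ["restore service", "notify stakeholders"],
    "Document / Assess": ["record indicators and TTPs", "lessons learned"],
}


@dataclass
class Incident:
    key: str                # ticket id such as "IH-101" (constructed)
    category: str           # e.g. "phishing"
    opened: date
    indicators: frozenset   # IPs / domains / hashes seen (constructed values)
    ttps: frozenset         # adversary techniques observed (constructed labels)
    phase: int = 0          # index into PHASES; len(PHASES) means closed
    done: set = field(default_factory=set)
    journal: list = field(default_factory=list)

    @property
    def status(self):
        return "Closed" if self.phase >= len(PHASES) else PHASES[self.phase]

    def open_tasks(self):
        """Checklist items of the current phase not yet completed."""
        if self.status == "Closed":
            return []
        return [t for t in TEMPLATE[self.status] if (self.status, t) not in self.done]

    def complete(self, task, note=""):
        """Tick a template task; every action is journaled (document, document, document)."""
        if task not in TEMPLATE.get(self.status, []):
            raise ValueError(f"{task!r} is not a {self.status} task")
        self.done.add((self.status, task))
        self.journal.append((self.status, task, note))

    def advance(self):
        """Move to the next phase only when the current checklist is finished."""
        if self.status == "Closed":
            raise ValueError(f"{self.key} is already closed")
        pending = self.open_tasks()
        if pending:
            raise ValueError(f"{self.key}: {self.status} still needs {pending}")
        self.phase += 1
        return self.status


def similar_incidents(history, new):
    """Answer 'have we seen something similar before?' and
    'did the adversary modify their TTPs?' against the historical record."""
    hits = []
    for old in history:
        shared_ioc = old.indicators & new.indicators
        shared_ttp = old.ttps & new.ttps
        if shared_ioc or shared_ttp:
            hits.append({
                "key": old.key,
                "shared_indicators": sorted(shared_ioc),
                "shared_ttps": sorted(shared_ttp),
                "new_ttps": sorted(new.ttps - old.ttps),  # techniques not seen last time
            })
    return hits


def trend_report(history):
    """Counts per category and per month, the raw material for trend reporting."""
    by_category = Counter(i.category for i in history)
    by_month = Counter(i.opened.strftime("%Y-%m") for i in history)
    return {"by_category": dict(by_category), "by_month": dict(by_month)}


# Constructed historical record; keys, indicators and dates are made up.
HISTORY = [
    Incident("IH-101", "phishing", date(2017, 1, 9),
             frozenset({"phish.example.net"}), frozenset({"phishing-link"})),
    Incident("IH-102", "malware", date(2017, 1, 23),
             frozenset({"203.0.113.5"}), frozenset({"macro-dropper"})),
    Incident("IH-103", "phishing", date(2017, 2, 14),
             frozenset({"phish.example.net", "198.51.100.7"}),
             frozenset({"phishing-link", "credential-harvest"})),
]


def walk_example():
    """Check a new incident against history, then drive it through all phases."""
    inc = Incident("IH-104", "phishing", date(2017, 3, 1),
                   frozenset({"phish.example.net"}),
                   frozenset({"phishing-link", "credential-harvest"}))
    matches = similar_incidents(HISTORY, inc)
    for phase in PHASES:
        for task in TEMPLATE[phase]:
            inc.complete(task, "done by handler")
        inc.advance()
    return matches, inc.status


if __name__ == "__main__":
    matches, status = walk_example()
    print(matches, status, trend_report(HISTORY))
```

The point of `advance` refusing to move while checklist items are open is the same one the deck makes with templates: the handler cannot skip containment steps by accident, and the journal left behind is the historical record the next comparison runs against.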
Handler Morning Routine
• Provides initial situational awareness of detected / reported events
• To-do list to start the handler’s day
• Repeatable / sustainable
• Hosted on wiki -> collaborative effort
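To show what a scripted, repeatable version of the morning routine could look like, here is an added Python example written for this page. It is not NPS code and does not parse the output of any product named on the Technology slide: the overnight feeds (IDS alert lines, abuse@ mailbox reports, an EMM non-compliance list), their formats, the addresses and the ticket keys are all constructed. It builds the handler's to-do list, ranks it by severity, skips re-triaging hosts already tracked by an open ticket, and flags the same subject reported by several users as a possible campaign.

```python
import re
from collections import defaultdict

# Constructed overnight feeds; line formats are illustrative only.
IDS_ALERTS = [
    "2017-03-22T02:14:05 sev=high sig=ET TROJAN beacon src=10.20.30.40 dst=203.0.113.9",
    "2017-03-22T02:31:17 sev=high sig=ET TROJAN beacon src=10.20.30.40 dst=203.0.113.9",
    "2017-03-22T03:02:44 sev=low sig=ET POLICY cleartext login src=10.20.31.7 dst=192.0.2.11",
]
ABUSE_REPORTS = [  # (reporter, subject) pulled from the abuse@ mailbox (constructed)
    ("student1@example.edu", "Suspicious email asking me to reset my password"),
    ("faculty2@example.edu", "Suspicious email asking me to reset my password"),
]
EMM_NONCOMPLIANT = ["device-7f3a (jailbroken)", "device-91c2 (no passcode)"]
OPEN_TICKETS = {"10.20.30.40": "IH-104"}  # hosts already under an incident ticket

# Standing items that belong on every morning's list regardless of feeds.
STANDING = ["Review SIEM dashboard for overnight alerts",
            "Check abuse@ mailbox for new reports",
            "Review open tickets for stale items"]
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}

ALERT_RE = re.compile(r"sev=(?P<sev>\w+) sig=(?P<sig>.+?) src=(?P<src>\S+) dst=(?P<dst>\S+)")


def parse_alerts(lines):
    """Aggregate IDS lines per source host: worst severity, hit count, signatures."""
    hosts = {}
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue  # unparseable line: leave it for manual review, don't crash
        h = hosts.setdefault(m["src"], {"sev": "low", "count": 0, "sigs": set()})
        h["count"] += 1
        h["sigs"].add(m["sig"])
        if SEVERITY_RANK[m["sev"]] < SEVERITY_RANK[h["sev"]]:
            h["sev"] = m["sev"]
    return hosts


def morning_todo(alerts, reports, noncompliant, open_tickets):
    """Return the day's checklist as '[Pn] ...' strings, highest priority first."""
    todo = []
    for host, info in parse_alerts(alerts).items():
        sigs = ", ".join(sorted(info["sigs"]))
        rank = SEVERITY_RANK[info["sev"]]
        if host in open_tickets:
            # Already being handled: add to the ticket instead of opening a new triage.
            todo.append((rank, f"Update {open_tickets[host]}: {info['count']} new hits on {host} ({sigs})"))
        else:
            todo.append((rank, f"Triage {host}: {info['count']} x {sigs}"))
    by_subject = defaultdict(list)
    for reporter, subject in reports:
        by_subject[subject].append(reporter)
    for subject, who in by_subject.items():
        campaign = len(who) > 1  # several users reporting one subject: likely a campaign
        label = "possible campaign" if campaign else "single report"
        todo.append((0 if campaign else 1,
                     f"Review abuse@ report '{subject}' ({len(who)} reports, {label})"))
    for dev in noncompliant:
        todo.append((1, f"Follow up EMM non-compliant device {dev}"))
    todo.extend((3, item) for item in STANDING)
    todo.sort(key=lambda t: t[0])  # stable sort keeps feed order within a priority
    return [f"[P{rank}] {text}" for rank, text in todo]


if __name__ == "__main__":
    for item in morning_todo(IDS_ALERTS, ABUSE_REPORTS, EMM_NONCOMPLIANT, OPEN_TICKETS):
        print(item)
```

Because the output is plain text in a fixed order, it can be pasted into the wiki page the deck mentions, which keeps the routine repeatable across handlers rather than dependent on whoever happens to be on shift.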
JIRA Incident Template - Example (slides 23 through 29; no further text extracted)
Summary
• BYOD environment increases IH complexity
• Maximize automation and use of templates to standardize the process
• Document as much as possible
• Marathon, not a sprint: Wiki / JIRA provide for collaboration and rapid, continuous changes to SOPs, etc.
• User training and a reporting mechanism (abuse@nps.edu) are critical
QUESTIONS?