Overview of the Computer Security Incident Response Plan Process Resource Center
Mobilized CSIRP: Visually Intuitive, Accurate, Complete, Succinct Content Available On-the-Go
Process Resource Centers: Customized Web Frameworks that Place CSIRP Policies, Processes, and Resources at the Fingertips of All Stakeholders When and How They Need Them
- Visually illustrates the incident response plan in a fashion that enables all stakeholders to quickly get on the same page
- Includes dynamic links and navigation to:
  - Segmented, visually intuitive workflows and response protocols
  - Clearly defined roles and responsibilities, contacts, glossaries, forms, websites, videos, and other resources as needed
  - Links to applications and required information sources
- Centralized; accessible via desktops, laptops, tablets, and mobile phones
- The HTML version can run entirely from a jump-kit laptop and mobile phone if the network is unavailable
CSIRP Process Resource Center for the NIST SP 800-61 R2 Incident Response Lifecycle
- Widely referenced incident response lifecycle
- Extensive availability of supportive, authoritative, referenceable sources
NIST SP 800-61 R2 Community CSIRP Process Resource Center Home Page
Customized Web-Based Computer Security Incident Response Plan (CSIRP)
- Visually intuitive navigation
- Centralized access to supporting resources: NIST SP 800-53, 83, 83r2, 84, 184, 86, SANS, CERT, US-CERT and ICS-CERT, ISAC, MITRE, specific vendor best practices, and more
- Each phase contains relevant, intuitive workflows, supporting reference material placed where it applies within the process, and end-to-end accountability
- The reference center provides additional resources such as threat playbooks and links to sites that provide malware remediation assistance
Home Page of CSIRP Process Resource Center Expanded Intent & Key Definitions
CSIRP Home Page Linked Document CSIRP Web Framework Overview
CSIRP 1.0 Preparation
Preparation is about:
- Establishing and training the incident response team
- Proactively planning specific responses for the likely attacks the organization may face
- Acquiring the necessary incident response tools and resources
- Preparing the team to react effectively within minutes to unfamiliar attacks
- Testing plans and preparedness
- Continuously improving the incident response posture with lessons learned, industry updates, and reconnaissance
1.1 Create Computer Security Incident Response Team (CSIRT) Charter
The CSIRT Charter:
- Establishes written management commitment to the CSIRP
- Defines goals, scope, levels of authority, roles, and responsibilities
Step 1.4: Create Response Plans for Incident Types Defined in Step 1.2, the Compliance & Threat Requirements Library
CSIRP 2.0 Monitor, Detection, & Analysis
The Monitor function was added to the NIST Detection & Analysis phase.
Monitor, Detection, & Analysis is about:
- Recognizing, receiving, analyzing, and classifying all cybersecurity events, and determining which are actual incidents versus security or maintenance events
- Prioritizing the handling of incidents
- Event escalation path alternatives
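As an added illustration of the classify-prioritize-escalate step described above (example code, not part of the resource center or its web framework), the block below triages constructed sample events. The three prioritization factors and their levels (functional impact, information impact, recoverability effort) are the ones named in NIST SP 800-61 R2 section 3.2.6, which the page builds on; the numeric weights, the P1-P4 thresholds, the escalation targets, the "maintenance event" rule (an approved change ticket covers the activity) and the sample events are assumptions made for this example.

```python
"""Event triage in the style of NIST SP 800-61 R2 Detection & Analysis.

Added example, not the resource center's own code. Factor names and levels
follow SP 800-61 R2 section 3.2.6; weights, thresholds, escalation targets
and sample events are assumptions for illustration only.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class FunctionalImpact(Enum):   # effect on the ability to provide services
    NONE = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


class InformationImpact(Enum):  # effect on the organization's information
    NONE = 0
    PRIVACY_BREACH = 1
    PROPRIETARY_BREACH = 2
    INTEGRITY_LOSS = 3


class Recoverability(Enum):     # effort needed to recover from the incident
    REGULAR = 0
    SUPPLEMENTED = 1
    EXTENDED = 2
    NOT_RECOVERABLE = 3


@dataclass
class Event:
    source: str
    summary: str
    functional: FunctionalImpact
    information: InformationImpact
    recoverability: Recoverability
    change_ticket: Optional[str] = None  # assumed: set when an approved change explains the activity


# Assumed weights: the two impact factors count double against recovery effort.
WEIGHTS = {"functional": 2, "information": 2, "recoverability": 1}

# Assumed escalation path alternatives keyed by priority.
ESCALATION = {
    "P1": "page CSIRT lead and management contacts",
    "P2": "page on-call CSIRT handler",
    "P3": "SOC analyst queue, next shift",
    "P4": "log only, review in weekly triage",
}


def classify(event: Event) -> str:
    """Sort an event into the three buckets the plan distinguishes."""
    if event.change_ticket:
        return "maintenance event"
    if event.functional is not FunctionalImpact.NONE or event.information is not InformationImpact.NONE:
        return "incident"
    return "security event"       # worth recording, but no incident handling


def score(event: Event) -> int:
    """Weighted sum of the three SP 800-61 R2 factors; maximum is 15 with these weights."""
    return (WEIGHTS["functional"] * event.functional.value
            + WEIGHTS["information"] * event.information.value
            + WEIGHTS["recoverability"] * event.recoverability.value)


def priority(event: Event) -> str:
    """Map the score onto an assumed P1..P4 scale."""
    s = score(event)
    if s >= 10:
        return "P1"
    if s >= 5:
        return "P2"
    if s >= 2:
        return "P3"
    return "P4"


def triage(event: Event) -> dict:
    """Return the classification, priority and escalation path for one event."""
    kind = classify(event)
    if kind != "incident":
        return {"kind": kind, "priority": None, "escalate": "log only"}
    p = priority(event)
    return {"kind": kind, "priority": p, "escalate": ESCALATION[p]}


# Constructed sample events (not real alerts).
SAMPLE_EVENTS = [
    Event("EDR", "Ransomware note dropped on file server; shares unreadable",
          FunctionalImpact.HIGH, InformationImpact.INTEGRITY_LOSS, Recoverability.EXTENDED),
    Event("proxy", "One workstation resolved a known phishing domain; no credentials entered",
          FunctionalImpact.NONE, InformationImpact.NONE, Recoverability.REGULAR),
    Event("SIEM", "Domain controller rebooted outside business hours",
          FunctionalImpact.LOW, InformationImpact.NONE, Recoverability.REGULAR,
          change_ticket="CHG-4412"),
    Event("DLP", "Customer PII spreadsheet emailed to a personal address",
          FunctionalImpact.NONE, InformationImpact.PRIVACY_BREACH, Recoverability.NOT_RECOVERABLE),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(f"{ev.source:6} {triage(ev)}  <- {ev.summary}")
```

The maintenance rule is deliberately checked first: an event that is fully explained by an approved change should not consume incident-handling capacity, but the ticket reference is kept so the analyst can verify the change actually covers what was observed.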
2.1 Monitor and Detection
2.2 Analysis
Fingertip Access to SOPs and Best Practices at the Point in the Plan Where They Are Required
CSIRP 3.0 Containment, Eradication, & Recovery
Containment, Eradication, & Recovery is about:
- Isolating the attacked system(s)
- Quickly and effectively determining the appropriate containment method
- Stopping the damage to the infected host(s)
- Tracking down other infected systems and remedying them
- Ensuring the attack is fully remedied
- Bringing functionality back to normal
- Monitoring to ensure there are no lingering components of the attack
3.1 Containment, Eradication, & Recovery
CSIRP 4.0 Post-Incident Activity
Post-Incident Activity is about:
- Conducting robust lessons-learned assessments
- Ensuring the appropriate actions are taken to prevent recurrence of the exploited vulnerability
- Conducting forensics to understand and remedy the vulnerability and the exploit, and to support possible legal action
4.0 Post-Incident Activities
Reference Center
Library Contains Integrated Full Document for Regulatory and Audit Requirements
CSIRP Management Contacts
Visual End-to-End Total Accountability: SIPOC (Suppliers, Inputs, Process, Outputs, Customers) Combined with RACI (Responsible, Accountable, Consulted, Informed) Eliminates Silos
Designed to Adapt to Desktops, Laptops, Tablets, and Mobile Phones
Adapt to Any Compliance Standards
Process Management Contact
Contact: Henry Draughon
Process Delivery Systems
(972) 980-9041
hdraughon@processdeliverysystems.com
www.processdeliverysystems.com
Manage the Forest and the Trees: Bridging the Gap Between Operations and Strategy