Tuesday, April 28 • 13:00 - 14:00
Essentials of Incident Response

This workshop aims to cover the three key areas required to build an effective Incident Response capability:

1. Legal
- Contracts/NDAs/permission to call in other staff/work off site/take IP data away from the network/site.
- Noting that EU/US privacy and SEC laws and regulation are in play here (plus IP etc.): many IR companies are US-based, so what do we do about privacy, disclosure and IP protection?

2. Working with the team
- What to expect when they are onsite - space/access/briefing needs
- Getting the basics together: Points of Contact, Network Schematics, OS/App deployment info, Barrier info (AV, FW, SIEM, Logs, N/HIPS, Netflow etc).
- What to release to who, when and how - secure methods of communicating with the team, sharing files and getting legal's approval for all this.
- Getting quotes or ROMs for extras like "We will just send this back to the office for off-site malware analysis"
- What does a badly controlled engagement look like? Where does the fault lie?

3. Tech
- What to configure to improve logging fidelity
- Various new MS updates for logins, exe hashes, file system journaling, prefetch enabling, shadow copy enabling etc.
- When to call it a day
- What to do afterwards - making the remediation hold
- Maintaining the momentum
- Fixing the problem to prevent a recurrence

Tuesday April 28, 2015 13:00 - 14:00 BST
2 - Premium Speaking Track