developing a critical incident response

Atlang Member Posts: 2
Bankers Association would like to implement a critical incident response infrastructure (BBA CSIRT) that will enable the association to collect and analyze cyber threat data and use this intelligence to alert their members of evolving or existing threats, incidents and vulnerabilities, and advise on mitigation steps or best practices. Your Role: Come up with an approach that will guide us in developing a critical incident response infrastructure for BA.

Answers

  • chrisone Senior Member Posts: 2,200
    edited February 19
    Tell your employer I am free Mon, Wed, & Thursday for 2-3 hrs each evening. I can help develop IR Playbooks for a substantial fee using the NIST framework.  B)
    Certs: CISSP, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2021 Goals
    Courses: eLearnSecurity - PTXv2 (complete), SANS 699: Purple Team Tactics (completed), PentesterLabs Pro (ongoing)
    Certs: eCPTXv2, CRTE, AZ-500, SC-200 (fail 1st attempt)
  • Atlang Member Posts: 2
    It's an assignment.
  • SteveLavoie Member Posts: 950
    Atlang said:
    It's an assignment.
    Ok, so start by reading the NIST Framework and make up your own mind :) Then once you have a specific question, go ahead and ask :)
  • egrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ Member Posts: 430
    edited February 22
    I'll be the sucker here that threw you a bone with more info.  However that's because I had a similar question in the recent past and somebody threw me a bone.  A really big bone for that matter.  So here goes.

    In your very next meeting with your manager/executive or whatever, when they ask you, "Heh, on that cyber thing do you have a plan yet?", what you're gonna need to do is tell them, "Yeah, we're going to be meeting those requirements using the NIST Cyber Security Framework."  However, to get something going real quick we can use components of the CIS Top 20 for our immediate need.  I've identified these elements from the CIS Top 20 below:

    CIS Top 20
    #3 Continuous Vulnerability Management
    #6 Maintenance, Monitoring, and Analysis of Audit Logs
    #8 Malware Defenses
    #16 Account Monitoring and Control
    ------------

    Now after that's said and done you want to dive into the NIST CSF, as this is the framework you'll be using to fulfill those requirements over the next 6 months or whatever timeline your manager has agreed to. Visit https://www.nist.gov/cyberframework/new-framework#videos then basically start from the top-left item labelled "New To Framework" and work your way down to familiarize yourself with it.  That site does an extremely good job of baby-stepping you on the method to use NIST CSF to meet those requirements.

    Be confident.  You can rock it! Hope this helps.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+