Building Your Incident Response Program
Dan Hadaway and Chad Smith are presenting their workshop titled “Building Your Incident Response Program – “Do we HAVE to tell our customers?”” through the Indiana Bankers Association. This workshop is scheduled for November 17, 2011.
Every time we choose “accept” as a risk response decision, we rely more heavily on our ability to respond when a threat truly does exploit a vulnerability. Even when we select “mitigate” and implement new controls, we do so knowing that those controls will sometimes break. We know the notion of 100% security is a myth. There’s always that event nobody could predict. Our defenses will eventually be breached. This workshop will help you create a program that addresses residual technology risk.
- The FFIEC standards vs. the Law vs. Examiner Focus vs. Effective Information Security Strategy.
- Fitting Incident Response into your existing IT Governance program.
- Creating an Incident Response Policy that your Board understands.
- Creating the Incident Response Team.
- Incident Response Team responsibilities and how to streamline meetings for maximum productivity.
- Incident response planning.
- Creating and using a decision tree.
- Integrating incident response into your existing Risk Management Program.
- Identifying Potential Incidents to Plan for (knowing that the one that will hit is the one we didn’t plan for!)
- Managed Security Service Providers and how to put them on your team.
- Monitoring techniques, reporting methodologies, and how to maximize their value.
- When do we have to inform our customers?
- Dealing with the Media, your Customers, and your Employees during an incident.
- When to bring law enforcement in, and how to actually get something done.
- Forensics: Why, What, When, and How.
Who Should Attend
Information Security Officers, Security Officers, and any member of your Incident Response Team will greatly benefit from the deliverables and ideas shared in this workshop.
- Board-Level Incident Response Policy
- Incident Response Plan
- Decision Tree
- Incident Management and Reporting Tools
- Media Kit
- Customer Communication Kit
For complete details and to register for the event, see the Indiana Bankers Association’s event brochure: Building Your Incident Response Program
Leave a comment
Hiding in a VirtualBox VM, the new Ragnar Locker ransomware is currently undetectable
A Webinar Short Small banks who outsource network supports have a conundrum on their
Another awareness poster for YOUR customers (and users). Now that we have our own em