Episode 5 - NIST SP 800-61 Computer Security Incident Handling Guide (Post-Incident Activity)

Update: 2024-06-12

Description

This is the biggest episode from a content perspective so far. I'm excited to share it with you.

Episode Highlights:

How to run post-incident debriefs and post-mortems.
Involving external teams
Using lessons learned to form actionable insights.
Key questions to address in incident analysis.
Effective report writing strategies, including timelines and executive summaries.
Evaluating and improving incident response procedures and tools preparation.
Engaging broader teams in the debrief process for better cooperation.
Tracking and documenting incident response efforts for continuous improvement.

Key Takeaways:

Post-incident debriefs and post-mortems afford the most value for learning, improving incident response and preventing reoccurance.
Using structured frameworks and guidelines, like NIST 800-61, provide valuable direction for how to run your debrief and post-mortem meeting.
Effective communication, documentation, and cooperation across teams enhance incident handling and future preparedness.

Comments

Top Podcasts

The Best New Comedy Podcast Right Now – June 2024 The Best News Podcast Right Now – June 2024 The Best New Business Podcast Right Now – June 2024 The Best New Sports Podcast Right Now – June 2024 The Best New True Crime Podcast Right Now – June 2024 The Best New Joe Rogan Experience Podcast Right Now – June 20 The Best New Dan Bongino Show Podcast Right Now – June 20 The Best New Mark Levin Podcast – June 2024

In Channel

Episode 15 -Windows event log analysis with Hayabusa. The Sigma-based log analysis tool

2024-10-1523:20

Episode 14 - AI and the future of log analysis, bug detection, forensics and AI ethical considerations with Jonathan Thompson

2024-09-2201:08:33

Episode 13-ELK EDR and Sandboxing, Home grown CTF environments, DFIR Automation & Forensics in the cloud, with Jacob Wilson

2024-08-2054:55

Episode 12 - You're forced to decide: Cyber Generalist or Cyber Specialist?

2024-08-1317:47

Episode 11 - Velociraptor, Containerisation and Infrastructure Deployed as Code with Myles Agnew

2024-07-2952:46

Episode 10 - Detecting and Preventing Phishing Attacks

2024-07-1719:04

Episode 9 -Unmasking APT40 (Leviathan): Tactics, Challenges, and Defense Strategies

2024-07-1221:48

Episode 8 - Hidden digital forensic logging for Cybersecurity on Any Budget: Practical Strategies for Enhanced Detection and Prevention Using Sysmon, Blocking Data Exfil with group policy and printer forensics

2024-07-0719:57

Episode 7 - Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures

2024-06-2517:07

Episode 6 - Responding to ransomware - is your VPN a target? Plus ransomware risk mitigation with Phil Ngo

2024-06-2026:11

Episode 5 - NIST SP 800-61 Computer Security Incident Handling Guide (Post-Incident Activity)

2024-06-1233:06

Episode 4 - NIST SP 800-61 Computer Security Incident Handling Guide (Containment,Eradication and Recovery)

2024-06-0722:10

Episode 3 - (Part 2) NIST SP 800-61 Computer Security Incident Handling Guide (Detection)

2024-05-3111:41

Episode 3 - NIST SP 800-61 Computer Security Incident Handling Guide (Detection)

2024-05-2846:52

Episode 2 - NIST SP 800-61 Computer Security Incident Handling Guide (Preparation)

2024-05-1727:17

Episode 1 - Digital forensics trends and preparations, learning from real life case studies & DFIR training for getting started

2024-05-1623:27

00:00

Episode 5 - NIST SP 800-61 Computer Security Incident Handling Guide (Post-Incident Activity)

#box-pro-ellipsis-173457737124225{-webkit-line-clamp:2;}Episode 5 - NIST SP 800-61 Computer Security Incident Handling Guide (Post-Incident Activity)

Episode 5 - NIST SP 800-61 Computer Security Incident Handling Guide (Post-Incident Activity)

Episode 5 - NIST SP 800-61 Computer Security Incident Handling Guide (Post-Incident Activity)