Incident Manager Training
Incident Response Basics and IR Plan Training
While HALOCK customizes incident training to match your organization’s plan, the general format is the same for all clients:
Review of the Basics. In this phase of the training, attendees become familiar with the key responsibilities of the incident response team (IRT) when handling a security event or incident. We go over incident response basics, terms, roles and responsibilities of the team members, plan phases (alerting, triage, investigation, containment, eradication, recovery, learning and planning), communications management, managing priorities and notification obligations.
Tabletop Exercises. We create two types of scenarios that are relevant to your organization. These scenarios are customized to meet the concerns of the organization, and will include the actual names of client systems, departments, etc., in order to increase the validity of the scenario. In the first set of scenarios (usually 4-6 can be covered in a typical training session) we present a hypothetical breach along with a mix of technical and nontechnical information, including the impact of the data compromise or integrity issue, and the availability of key systems. The facilitator asks participants the following questions regarding the scenario, which are discussed with the team:
- What are their concerns?
- What is their role?
- How should this incident be classified?
- To whom should they communicate?
- What message should they communicate?
- What questions would they like to ask?
The second scenario is one in which the entire plan is examined from the very beginning. This scenario illustrates to the nontechnical team members what would have happened before the entire team is called together.
Sample Topics Presented During Training
The following or similar topics are covered during training to ensure that the team understands the plan and has a good grasp of how to respond in the event of a cybersecurity incident.
- Operating the IR Plan
- Response by Incident Type (e.g., an operations incident vs. a security breach)
- Communications Management
- Managing Priorities
- Key activities per phase
- Escalation Procedures
- Notification Obligations
- Lessons Learned
This training fulfills your requirements for an annual test of your IR plan and provides training for new staff.