DeepSec 2015 Workshop: Practical Incident Handling – Felix Schallock
Things go wrong or break; it’s just a matter of time. Ask your sysadmin about this. Apart from wear and tear, there are information security incidents that tend to ruin your perfect day at the office. What happens next? What do you do when noticing that your infrastructure has been compromised? Where do you start? Who needs to be told? Few employees know the answers to these questions. While you might have policies in place that regulate everything one needs to know, the practice looks wildly different. Apart from having a plan, you need to test if your plan works. At DeepSec 2015 Felix Schallock will show you what to do when digital lightning strikes. During two days of training you will take a tour of how to address and handle incidents properly.
During the two days we will cover the why, what, who and how of incident handling (IH), including how to avoid common pitfalls. Furthermore, we will use a case study to get hands-on with the phases of incident handling. Starting with the why, we will examine the benefits of having an incident process, leading to how to justify and right-size the efforts necessary to build and run it. The what will tell you what needs to be set up prior to your incidents. Then we will dive into more detail on the phases of Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned (PICERL) and determine how we can thoroughly establish the IH process. A case study will support our hands-on thinking about typical incidents and what is necessary to handle them, and how.
We recommend Felix’s workshop to anyone who is convinced they are prepared for security incidents or has a shiny policy regarding incidents hanging on the office wall. A proper response can save you a lot of headaches and (digital) damage. The course is designed for all (IT) ages; managers, coders, sysadmins, pentesters, auditors, quality managers, et al. may attend without parental guidance.
Felix Schallock is a Director at TIBITS Consulting GmbH, a Senior Partner at SEC4YOU Advanced IT-Audit Services GmbH and a SANS mentor for SEC504 and SEC506, providing IT consulting and auditing services. With more than 20 years of experience in IT / IS / IT Auditing and IT Forensics he has handled many incidents and supported others. Felix has the CISA, CISM, CISSP, GCUX, GCIH, GPEN and other certifications.