Incident Response (IR) / Change Control (CC) Jose L. Orozco.


1 Incident Response (IR) / Change Control (CC) Jose L. Orozco

2 IR / CC

Three Forms and One Roster
- Initial Incident Response Notification Form
- Incident Response Closure Form
- Change Management Form
- Change Control Roster

IR Detection and Determination and Change Control Deadlines
- Within 2 hours of detection report incident using the Initial Incident Response Notification Form
- Within 1 hour Emergency change control requires all changes to be submitted to the Change Control Manager 15 minutes prior to Change Control Meeting
- Change Control Roster for rapid change protocol—logged and reported after the fact
- Once the CSIRT declares the incident resolved, and all systems returned to normal, the team must complete the Incident Response Closure Form

Scoring
- MAY Mitigate up to 50% of the Penalties associated with the actions
- Successful Detection, Prevention, Resolution, and Accurate Reporting
- Example: Red Team hack successfully compromises a server resulting in 200 points lost for the team BUT team detects the attack, repulses the attacker, recovers control of the system, and prevents subsequent attack, submits both IR forms and appropriate Change management form
- Team MAY receive up to 100 points back if reported in a timely manner

Penalties
- Minor infractions (50 points), failure to submit emergency change notice (20 points), failure to specify routine vs. emergency change (125 points)

3 CC Change Types

Change Type 1 - Prior Approval
- Prior Approval of the Change Control Committee (CCC)
- Fill out Change Management Form and submit 15 minutes before meeting
- Get approval at Change Control Meeting

Change Type 2 - Emergency Change Notification
- Change that requires notification to the CCC after the fact of implementation

Change Type 3 - Non Reportable Change
- Change that does not require any notification to the CCC

Change Type 4 - Unknown Change Impacts
- Change that is uncertain if it requires CCC approval

Periods of Rapid Change
- Considered Change Type 3 but require Regional Manager (SECCDC Team Leader) approval

6 1 hr Time Limit

7 Change Control Roster for rapid change protocol—logged and reported after the fact

Group is told by CIO that it is a Period of Rapid Change.
