Abstract: Incident Response (IR) is a systematic approach to addressing and managing security incidents, with the aim of minimizing damage and reducing recovery time. The incident response lifecycle typically involves preparation, identification, containment, mitigation, and recovery. Preparation, the initial step, consists of creating an incident response plan, defining roles, and employing the necessary tools. Identification focuses on leveraging threat intelligence for early detection of incidents, whereas containment aims to limit the damage. The mitigation step involves resolving the root cause, and recovery aims to restore operations and business continuity.
The first session of this webinar series aims to understand what it is like to go through each stage of the IR lifecycle and cover associated protocols and strategies through the lens of real-world scenarios.
- Introduction to the current threat landscape
- Introduction to incident response lifecycle
- Walk through the IR lifecycle via a case example to highlight each stage.
- Incident identification and reporting
- Quarantine affected devices and network segments
- Mitigation for impacted devices and networks
- Data recovery and business continuity
- Designing/Redesigning a holistic IR plan for different IT environments
- Benefits of a holistic IR and business continuity policy
Eder Ribeiro, Senior Cyber Security Program Manager
Eder is a graduate of Roger Williams University School of Law, where he earned his Juris Doctor. He has also earned a Master of Science in Cyber Security. He has led TransUnion’s Incident Response Forensics (IRF) team over the last six years. In his “leading from the front” style, Eder has led the IRF team through thousands of cases, including unauthorized cryptocurrency mining, ransomware, business email compromises, and much more.
Eder also has 16 years of experience in the United States Rhode Island Army National Guard, where he led troops as a team leader on a combat deployment in the Kandahar Province in support of Operation Enduring Freedom and currently performs duties at the state headquarters level. Eder is a certified mediator. Eder’s expertise includes solution/product creation, program development and expansion, threat assessment, risk mitigation, security process improvement, privacy compliance, and contract drafting. He has worked with over 1,000 organizations in his current capacity, helping them determine and react to the nature of their security incident breaches and determine the best course of action to recover to safe operations and meet compliance obligations.
*Examples, analysis, views and opinions shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s).