Look, no matter how much you plan, your stuff is going to fail. Stuff breaks, the world is full of people whose job it is to break into your network, and you have certainly cut a corner somewhere.
Now that we’ve made peace with the idea that our best laid plans will at some point go awry, how do we make sure that we minimize the damage?
We’ll talk briefly about the NIST Risk Management Framework.
We’ll talk about Risk Assessments and how to do them.
We’ll talk about making a formalized data breach plan. Who gets notified, and in what order? What are the plans to mitigate the breach? How do you resume normal operations?
We’ll talk about doing a pre-mortem. Do a drill in which you pretend your systems have failed. Ask yourself how they would fail and how to mitigate it.
You absolutely need to involve others in your planning. Outside perspectives are crucial to good planning.
Hopefully 5-10 minutes for questions.
By the end of the session, attendees should have a grasp of NIST Risk Management, Risk Assessments, and incident planning.
Session Type: 60 minute session
- Basic NIST risk management
- How to lead a risk assessment
- Incident protocol planning