A strong incident response plan is a key component of any organization’s cyber defense. Many organizations, however, have an ineffective, or no cyber response plan in place at all. Such a plan can help you identify and respond quickly to a cyber incident, and mitigate the financial and reputational costs. As experienced cyber professionals they have worked with organizations across all industries to develop and improve their cyber incident response plans.
In the first part of this presentation, they will talk you through best practices and key components related to your incident response plan, including incident definition, roles & responsibilities, and the incident response life cycle.
The second part of this presentation will be an interactive walk-through of a realistic cyber incident.
- Understand the difference between an event and an incident, and why the distinction is important.
- Learn how to build out your Incident Response Team (IRT) and who should be included.
- Visualize your IR Plan by discussing a real-world cyber scenario.
About Lucie Hayward
Lucie Hayward, CISSP, PMP, CISA is a Vice President with Kroll’s Cyber Security and Investigations practice. She has over 15 years of experience in the project management and security fields. She assists clients in responding to cyber incidents, as well as creating Incident Response Plans and conducting Tabletop Exercises. She is a former ISSA and ISC2 board member, and was the 2015-2016 President of the PMI Nashville Chapter.
About Nickolas Savage
NICKOLAS B. SAVAGE is currently an Associate Managing Director for Cyber Risk for Kroll. In 2019, Mr. Savage retired with the Federal Bureau of Investigation (FBI) after having served 20 years and nearly 27 years in law enforcement. Mr. Savage was awarded a Master of Science in Information Technology and a Master of Public Management from Carnegie Mellon University and a Master of Science in Criminal Justice from Boston University. In 2009, after having spent nearly 10 years as a case agent and coordinator for numerous programs in the FBI Tampa Division, Orlando Resident Agency, Mr. Savage came to Cyber Headquarters and was assigned to the National Center for Missing and Exploited Children (NCMEC) as the FBI’s cyber liaison. In 2010, Mr. Savage returned to FBI Cyber HQ and was tasked with managing the Strategic Initiative and Operations Section (SIOS) and had management responsibilities for the national Innocent Images program, Cyber Education, the Public Private Alliance Unit (InfraGard), and the Internet Crime Complaint Center (IC3). In 2011, Mr. Savage managed the Cyber Criminal Section and had nationwide responsibilities for all FBI cyber criminal investigations. In 2012, Mr. Savage had management responsibilities for national security investigations involving Asia, Middle East/Africa, and Europe. During a five-year assignment beginning in 2013, Mr. Savage had management responsibility for the Cyber Branch for the FBI Washington Field Office (WFO) – this responsibility included all criminal and national security cyber investigations, and managed three digital forensic laboratories within WFO and a fourth lab with a USIC partner. Beginning in 2018, in his last assignment with the FBI, Mr. Savage had responsibilities for the Counterterrorism, Cyber, Intelligence, and Crisis Response Branch for the Baltimore Field Office. Mr. Savage also was awarded joint duty credit for his service with the Central Intelligence Agency (CIA).