I was wondering if anyone had a good security incident checklist they would be willing to share? I am a one person shop where I work and assistance would be greatly appreciated. Thanks.
A couple of good resources:
Blue Team Handbook. Can get off Amazon. You'll want vol1, as vol2 is about SOCs. Website for it http://www.blueteamhandbook.com/ (hope this link works)
From NIST, the Computer Security Incident Handling Guide, SP800-61R2, which you can find here: https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
The BTH may be more useful. Gives checklists and the like for the 6 steps of incident response from SANS and most other groups. NIST basically compresses three of the steps as 1.
Thanks. I ordered the book.
I created a checklist using a randomware attack vector that i can share.
Yes, I would be interested in a Ransonware attack IR checklist. Would appreciate if you can share it, if you don't mind. Thank you in advance.
Over a year ago Lisa @lmsaeb asked, "I was wondering if anyone had a good security incident checklist they would be willing to share? I am a one person shop where I work and assistance would be greatly appreciated. Thanks."
I apologize for being late to the party, but reviewing the responses I saw a very important resource missing.
Be sure to mine the resources of both SANS https://www.sans.org/ and the SANS Technology Institute https://www.sans.edu/ ,
Search the following resources for "incident response."
SANS Security Policy Templates
SANS Technology Institute Cybersecurity Research Papers
Incident Response Checklist for Ransomware:
1) Make a backup.
2) Make multiple types of backup.
3) Check your backups occasionally.
Rob's list is how one mitigates risk regarding ransomware. To it, I would add:
The corresponding incident response is pretty much the same as any malware:
Additional items that should be considered: