CISA Cybersecurity Incident Response Playbooks - Episode 3 Detection and Analysis

This series takes a look at the Cybersecurity and Infrastructure Incident Response and Vulnerability playbook. This playbook, released in November 2021, provides an outline of how all FCEB agencies should implement their incident response plans. This eight-episode series will look at each section of the playbook and break out the important considerations for each.

Episode 3 of the CISA Incident Response Playbook covers Detection and Analysis. This episode covers the process from declaring an incident to CISA, to the main objectives that should be accomplished, and questions answered during your analysis. Be sure to check out the previous two episodes if you haven’t already so you understand how we got to this point, and why forensics and tools like FTK play an important role in your Incident Response plan.

Resources:
Cyber Security Incident & Vulnerability Response Playbooks - CISA, November 2021
Improving the Nation’s Cyber Security. - Executive Order 14028, May 2021
Computer Security Incident Handling Guide. - NIST 800-61 rev2, August 2012
Zero Trust Architecture - NIST 800-207, August 2020