All Episodes

PR.IR-04 - Maintaining Resource Capacity for Availability

PR.IR-04 maintains sufficient resource capacity—storage, compute, power, and bandwidth—to ensure system availability, monitoring usage and forecasting needs. This proa...

DE.CM-01 - Monitoring Networks for Adverse Events

DE.CM-01 focuses on continuously monitoring networks and network services, such as DNS and BGP, to detect potentially adverse events like unauthorized connections or t...

DE.CM-02 - Watching the Physical Environment for Threats

DE.CM-02 involves monitoring the physical environment housing technology assets to detect adverse events, such as unauthorized access or tampering with controls like l...

DE.CM-03 - Tracking Personnel and Technology Usage

DE.CM-03 monitors personnel activity and technology usage to identify potentially adverse events, such as insider threats or policy violations, using tools like behavi...

DE.CM-06 - Monitoring External Service Providers

DE.CM-06 requires monitoring the activities and services of external providers—like cloud platforms or ISPs—to detect adverse events that could impact the organization...

DE.CM-09 - Detecting Threats Across Technology Stacks

DE.CM-09 involves monitoring hardware, software, runtime environments, and associated data to detect adverse events like malware, phishing, or tampering. This includes...

DE.AE-02 - Analyzing Adverse Events for Insights

DE.AE-02 focuses on analyzing potentially adverse events to understand their nature, using tools like SIEM systems to examine log events for malicious or suspicious ac...

DE.AE-03 - Correlating Data from Multiple Sources

DE.AE-03 correlates information from diverse sources—like logs, sensors, and threat intelligence—to build a unified picture of potential adverse events. This involves ...

DE.AE-04 - Estimating the Impact of Adverse Events

DE.AE-04 estimates the impact and scope of adverse events to gauge their potential harm, using tools like SIEMs or manual analysis to assess affected assets and severi...

DE.AE-06 - Sharing Adverse Event Information

DE.AE-06 ensures that information about adverse events is promptly shared with authorized staff—such as SOC teams and incident responders—and integrated into response ...

DE.AE-07 - Enhancing Analysis with Threat Intelligence

DE.AE-07 integrates cyber threat intelligence and contextual data—like asset inventories or vulnerability disclosures—into adverse event analysis to enhance accuracy a...

DE.AE-08 - Declaring Incidents Based on Criteria

DE.AE-08 involves declaring incidents when adverse events meet predefined criteria, such as severity or scope, ensuring a formal response is triggered. This process ac...

RS.MA-01 - Executing the Incident Response Plan

RS.MA-01 initiates the execution of the incident response plan in coordination with third parties—like outsourcers or suppliers—once an incident is confirmed. This inc...

RS.MA-02 - Triaging and Validating Incident Reports

RS.MA-02 involves triaging and validating incident reports to confirm their cybersecurity relevance and need for response, applying severity criteria to prioritize act...

RS.MA-03 - Categorizing and Prioritizing Incidents

RS.MA-03 categorizes incidents—such as ransomware or data breaches—and prioritizes them based on scope, impact, and urgency, balancing rapid recovery with investigatio...

RS.MA-04 - Escalating Incidents When Needed

RS.MA-04 ensures incidents are escalated or elevated to higher levels of authority or expertise when their complexity or impact exceeds initial handling capabilities. ...

RS.MA-05 - Initiating Incident Recovery

RS.MA-05 applies predefined criteria to determine when to shift from response to recovery, based on incident characteristics and operational considerations. This decis...

RS.AN-03 - Investigating Incident Causes

RS.AN-03 conducts detailed analysis to reconstruct incident events, identify involved assets, and pinpoint root causes, such as exploited vulnerabilities or threat act...

RS.AN-06 - Recording Investigation Actions

RS.AN-06 ensures that all investigative actions during an incident—like system checks or containment steps—are meticulously recorded, with integrity and provenance pre...

RS.AN-07 - Preserving Incident Data Integrity

RS.AN-07 focuses on collecting and preserving incident data and metadata—such as source and timestamps—using chain-of-custody procedures to ensure integrity. This comp...