All Episodes

RS.AN-08 - Assessing Incident Magnitude

RS.AN-08 estimates and validates an incident’s magnitude by assessing its scope and impact, searching other targets for indicators of compromise or persistence. This i...

RS.CO-02 - Notifying Stakeholders of Incidents

RS.CO-02 ensures timely notification of internal and external stakeholders—like customers, partners, or regulators—about incidents, following breach procedures or cont...

RS.CO-03 - Sharing Information with Stakeholders

RS.CO-03 involves sharing incident information with designated stakeholders—both internal, like leadership, and external, like ISACs—consistent with response plans and...

RS.MI-01 - Containing Cybersecurity Incidents

RS.MI-01 focuses on containing incidents to prevent their expansion, using automated tools like antivirus or manual actions by responders to isolate threats. This can ...

RS.MI-02 - Eradicating Incident Threats

RS.MI-02 ensures incidents are fully eradicated, removing threats like malware or unauthorized access through automated system features or manual responder actions. Th...

RC.RP-01 - Launching Incident Recovery Efforts

RC.RP-01 initiates the recovery phase of the incident response plan once triggered, ensuring all responsible parties are aware of their roles and required authorizatio...

RC.RP-02 - Prioritizing Recovery Actions

RC.RP-02 involves selecting, scoping, and prioritizing recovery actions based on incident response plan criteria and available resources, adapting as needs shift. This...

RC.RP-03 - Verifying Backup Integrity

RC.RP-03 ensures backups and restoration assets are checked for integrity—free of compromise or corruption—before use in recovery efforts. This verification prevents r...

RC.RP-04 - Restoring Critical Functions Post-Incident

RC.RP-04 considers critical mission functions and cybersecurity risks to define post-incident operational norms, using impact records to prioritize restoration order. ...

RC.RP-05 - Confirming System Restoration

RC.RP-05 verifies the integrity of restored assets—checking for lingering threats or root causes—before returning systems to production, confirming normal operations. ...

RC.RP-06 - Declaring Recovery Completion

RC.RP-06 declares the end of recovery once predefined criteria are met, finalizing the process with a comprehensive after-action report detailing the incident, actions...

RC.CO-03 - Communicating Recovery Progress

RC.CO-03 ensures recovery activities and progress are shared with designated stakeholders—like leadership and suppliers—consistent with response plans and agreements. ...

RC.CO-04 - Sharing Public Recovery Updates

RC.CO-04 involves sharing public updates on incident recovery using approved channels and messaging, such as breach notifications or preventative steps, to inform affe...
