Virtual Cyber & Technology Risk Management Forum

III. Security Operations (IS Booklet)

• Threat Identification and Assessment
  • More focused than the Risk Identification Process
  • Monitor for hostile cyber or physical threats, human errors, structure failures, and man-made or natural disasters
  • Leverage attack trees, event trees, and kill chains
• Threat Monitoring
  • Establish responsibility and authority to monitor systems
  • Network, host, and application monitoring
• Incident Identification and Assessment
  • Identify indicators of compromise and analyze events
  • Leverage identification systems such as: ISP, Endpoint monitors, DLP, Logs, file integrity…
  • Escalate and report
• Incident Response
  • Establishes when and who should enact Incident Response
  • Defined process to address the threat and return to operations

© SBS CyberSecurity, LLC www.sbscyber.com
