in all systems, the cardinal rule applies… garbage in, garbage out. - Cyber hygiene, on all fronts, enables systematic enhancements that greatly improve the effectiveness of IR capabilities IR Process and Cyber Hygiene… 10/6/19 Cyber Resilience: Enhancing Incident Response – © Steve Bowers, 2019 14 Preparation Detection & Analysis Investigation Containment Eradication & Recovery • Establish IR capabilities. • Prevent incidents. • Determine of attack vector(s). • Scope detected incident(s). • Quarantine affected systems • Stop incident from spreading • Extract artifacts from affected systems • Ingest artifacts into detectors • Eliminate threats from affected systems • restore normal functionality How cyber hygiene comes into play… Create processes, playbooks, and automation to take pre-approved action quickly. Ensure forensic tools are deployed to extract artifacts, train analysts accordingly. Identify assets, validate countermeasures, mitigate vulnerabilities, test IR plan. Validate detection and monitoring mechanisms, ingest threat intel, ensure logging. Test data backup systems, ensure configuration management.