Overview
Explore a comprehensive webinar on Industrial Control Systems (ICS) incident response, led by Kai Thomsen, head of Dragos's International ICS threat hunting efforts. Delve into five crucial recommendations for ensuring successful, timely, and efficient incident response, ultimately leading to a safe return to stable operations. Gain insights on preparing for IR events, assigning decision-making responsibilities, determining when to shut down operations, identifying root causes, and engaging an IR team. Learn about the Incident Command System, ICS Cyber Kill Chain considerations, escalation factors, and defining thresholds for unacceptable risk. Understand the importance of knowing your adversary, focusing on relevant activity groups, identifying techniques, and assessing your detection capabilities to enhance your organization's ICS cybersecurity posture.
Syllabus
Intro
Preparing for an ICS IR Event
Know Your Adversary - Focus on Relevant Activity Groups
Identify Techniques
Understand your Detection Capabilities
Considerations for ICS IR Preparation
Assigning IR Decision Making Responsibility
The Incident Command System
ICS IR Decision Making Considerations
Determining When Shutdown of Operations is Justified
ICS Cyber Kill Chain Considerations
Escalation Factors
Define Thresholds for Unacceptable Risk
Getting to Root Cause
RCA Considerations
Taught by
Dragos: ICS Cybersecurity