App Review What is Incident Response, and why is it important?

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Cybersecurity Meg

New Member
Thread author
Nov 26, 2020
4
I am the Cyber Security Incident Response Manager for a large company, and recently began making some videos on Youtube that are geared towards honing in on some specific topics. Recently, I wanted to discuss incident response - why it's imperative to have a good incident response process, and when exactly incident response is necessary. Do you have any thoughts?

 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Being a digital marketeer I have a tip for you: disable sound and have a look at your video.
a) check the micro movements in your face (no worries all is good, only in the first minutes you sometimes twitch your mouth to the right corner)
b) with no voice it looks like I am watching a podcast, what is the added value of broadcasting a video? Please add graphs, visuals and text blurbs.
c) apply golden rules of story telling: tell what you are going to tell, mention three benefits/reasons, resume story to make your point, next give an example and finish with the take away
 
Last edited:

Protomartyr

Level 7
Sep 23, 2019
314
As someone who was pursuing a cyber security degree but had to drop out (couldn't afford the financial costs; the program was too new at this university and was mismanaging classes), I'm looking forward to this series!

I do agree with Lenny's comment on the video feeling more like a podcast. I listen to podcasts so I didn't mind the format of the presentation (I was listening to the video in a background tab). Adding visuals would definitely help add to the experience.

One aspect of incidence response that I've found intriguing is transparency. You mentioned about whether there's a need to report to a data authority/law enforcement depending on the incident. What about the need to report to employees and/or customers that have been affected?

For example: Canon publicly confirms August ransomware attack, data theft

It took Canon around 3 months to disclose a breach that involved current and former employees' (including their beneficiaries and dependents) names, Social Security number, date of birth, the number for the driver's license number or government-issued ID, the bank account number for direct deposits from Canon, and their electronic signature.

I know investigating incidents like this takes time, but the delay in notification puts people at risk. I'd imagine this is not solely up to the decision of the incident response team, but also involves the legal team (for potential litigation) and public relations (company's image) as well. How do companies prioritize disclosures like this?
 

Behold Eck

Level 15
Verified
Top Poster
Well-known
Jun 22, 2014
717
Being a digital marketeer I have a tip for you: disable sound and have a look at your video.
a) check the micro movements in your face (no worries all is good, only in the first minutes you sometimes twitch your mouth to the right corner)
b) with no voice it looks like I am watching a podcast, what is the added value of broadcasting a video? Please add graphs, visuals and text blurbs.
c) apply golden rules of story telling: tell what you are going to tell, mention three benefits/reasons, resume story to make your point, next give an example and finish with the take away

Me thinks you`re being a tad over zealous in your criticism as the video did what it was supposed to do in a very informal, straight to the point way.

Why would anyone want to watch a podcast without the sound ?

The graphs,blurbs etc you mention could muddy the waters and get in the way.

Keep it simple for us simple folk.

Regards Eck :)
image-assetx.png
 
Last edited:
  • Like
Reactions: Venustus

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Me thinks you`re being a tad over zealous in your criticism a

Regards Eck :)
it were three tips, what part was critism (considering the fact that I explictely mentioned all is good).

Behold Eck said:
Why would anyone want watch a podcast without the sound ?
A video with no visuals is like a podcast with no sound. People don't watch podcasts, they listen to it :)

Behold Eck said:
The graphs,blurbs etc you mention could muddy the waters and get in the way.
Could be when applied exuberantly, but adding 3 or 5 visual anchors to emphasis a spoken message of so many minutes, would not scare away your audience
 

Behold Eck

Level 15
Verified
Top Poster
Well-known
Jun 22, 2014
717
it were three tips, what part was critism (considering the fact that I explictely mentioned all is good).


A video with no visuals is like a podcast with no sound. People don't watch podcasts, they listen to it :)


Could be when applied exuberantly, but adding 3 or 5 visual anchors to emphasis a spoken message of so many minutes, would not scare away your audience
Yes I agree that"all is good".

Maybe you could animate that graphic I posted, not that that would make it any more understandable to me but might be a cool thing to do ?

Regards Eck:)
 

Cybersecurity Meg

New Member
Thread author
Nov 26, 2020
4
Being a digital marketeer I have a tip for you: disable sound and have a look at your video.
a) check the micro movements in your face (no worries all is good, only in the first minutes you sometimes twitch your mouth to the right corner)
b) with no voice it looks like I am watching a podcast, what is the added value of broadcasting a video? Please add graphs, visuals and text blurbs.
c) apply golden rules of story telling: tell what you are going to tell, mention three benefits/reasons, resume story to make your point, next give an example and finish with the take away
Thank you for the feedback! My more recent videos have text added in to help anyone watching be able to "summarise" the point in text.

As someone who was pursuing a cyber security degree but had to drop out (couldn't afford the financial costs; the program was too new at this university and was mismanaging classes), I'm looking forward to this series!

I do agree with Lenny's comment on the video feeling more like a podcast. I listen to podcasts so I didn't mind the format of the presentation (I was listening to the video in a background tab). Adding visuals would definitely help add to the experience.

One aspect of incidence response that I've found intriguing is transparency. You mentioned about whether there's a need to report to a data authority/law enforcement depending on the incident. What about the need to report to employees and/or customers that have been affected?

For example: Canon publicly confirms August ransomware attack, data theft

It took Canon around 3 months to disclose a breach that involved current and former employees' (including their beneficiaries and dependents) names, Social Security number, date of birth, the number for the driver's license number or government-issued ID, the bank account number for direct deposits from Canon, and their electronic signature.

I know investigating incidents like this takes time, but the delay in notification puts people at risk. I'd imagine this is not solely up to the decision of the incident response team, but also involves the legal team (for potential litigation) and public relations (company's image) as well. How do companies prioritize disclosures like this?
Hi! I'm sorry you had to drop out due to financial costs. I hate that, and wish financial costs weren't so restrictive of who can receive education.

You brought up a good point about reporting to employees/customers - generally this is contingent upon what country the data originates from (or rather where the person who owns the data lives in), the risk of the data being used for malicious purposes, the impact of the breach, etc.

Deciding when to report/make known about an incident also depends on the above factors. What country, the sensitivity of the data, the risk to the individual(s), the legal requirements of the geolocation (of course the EU and some APAC and South American countries have more stringent reporting requirements), etc. We have an entire Privacy team dedicated to this, so generally we (Incident Response) provide the data needed to the Privacy team, and they make that call.

Thanks for your feedback! I really do appreciate it.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top