AusCERT2015


Ashley Deuble

Ashley has been working in Information Security for a lot longer than he would like to remember. He has worked for numerous financial institutions, global engineering firms, education and Fortune 50 companies. Ashley's experience in Information Security includes security incident response, forensic analysis, ISO27000 Policy/ISMS development and implementation, security risk and compliance assessments, penetration testing, mentoring and training. He has achieved many security certifications such as CISSP, CISM, CISA, CRISC and OSCP. He has numerous SANS certifications, including their prestigious GSE certification. When Ashley isn't working or studying he likes to go running, mountain biking and camping.

Twitter: @ashd_au

Presentation Title
The 6 stages of incident response
Abstract

This presentation will walk the audience through the six stages for successful incident response. We will talk about:

1 - The preparation phase where we ensure we have the right policies (and we are all aware of them), a fully kitted out jump bag with all the tools we may possibly need to respond to an incident, a defined procedure for responding, call lists, OS command cheat sheets etc. 

2 - The Identification phase. How we identify whether we have just an event, or an incident. We will look at a range of sources that can provide us with the information we require to make this determination. 

3 - Containment. What can we do to ensure that we limit the damage and prevent any further damage from the incident? Are there certain steps we can do to provide short-term containment whilst we work on more robust long-term containment solutions?

4 - Eradication. This phase is where we talk about how we can remove and restore affected systems. Can we safely use a backup, or do we need to rebuild from known good media? 

5 - The recovery phase. This is where we bring the affected systems back into the production environment in a controlled manner so as not to create another incident.

6 - Lessons learned. Possibly the most critical phase in the entire process. This is where we clean up the documentation that may not have been completed during the incident response process, but we actually look at the "who, what, where, when and why" of the incident to put controls in place to prevent the incident from happening again.

The presentation is to be something practical that the audience can take back to the office after the conference and start implementing. I will provide links to various supporting documents and templates that can be modified and used by attendees after the presentation.
