Cyber Security Incident Response
A Cyber Security Incident Response Program is a key component of an Information Security Program. Risk assessments are an effective measure to reduce incidents, but there must be a capability to detect and manage the incidents that occur. Incident response is complex, requiring planning, people, process, and technology. Attacks are unpredictable and continuously evolving, requiring continuous improvement of the Incident Management Program and Continuous Monitoring for the attacks themselves. Effective information sharing can help an organization identify situations that are of greater severity and demand immediate attention.1
- We do vet all members. All members have been re-vetted within the last 12 months
- FBI requires members to be U.S. citizens
- Must pass a background check
- Must stay active and log into site every 90 days or be re-vetted
- Meetings are closed. This means members only. Members may bring a guest for recruitment purposes if they vouch for them
- There are rules of non-disclosure
- We do not share intellectual property
- We sanitize what we share
- What we do share is appropriately classified and marked based on content using the Traffic Light Protocol (TLP)
- We have a process for content sharing that requires multiple levels of approval
InfraGard Member Information Sharing
InfraGard members are encouraged to share incident information with other members so that we can reduce the number of incidents across the community as a whole. Our members work in tactical roles, managing the day-to-day incidents in the environment. Working together, we have the ability to:
- Provide situational awareness
- Take operational and tactical risk management actions
- Plan strategic responses to address attacks
The hackers are working together; we need to level the playing field.
InfraGard Houston Information Sharing
As one of the most active chapters in the U.S., the Houston Chapter has many venues for sharing information.
- Phishing Task Force: Collaborative effort to discuss best practices, innovative solutions, investigative techniques, incident response and practical approaches to communicate, perform trending analysis, provide security awareness and defend against phishing attacks in a timely manner
- Special Interest Group (SIG): Each Special Interest Group focuses on a specific industry area and on topics of interest to that area.
- Technology Tool Kit (TTK): The Technology Tool Kit (TTK) is intended to provide a collection of cyber security tools and guidance on their utilization, including an OpenSource Cyber Security Tool Repository, Educational Awareness on Cyber Security Tool Utilization, and Reference Materials for Cyber Security Tools
- Websites: InfraGard Houston stores TLP White data on the Houston Public website (this one). The national InfraGard site is at http://www.infragard.org. The national site is used for data that is classified such that it cannot be shared on the public site.
1 National Institute of Standards and Technology Special Publication 800-61 Revision 2, Natl. Inst. Stand. Technol. Publ. 800-61 Revision 2, 79 pages (Aug. 2012), CODEN: NSPUE2, http://dx.doi.org/10.6028/NIST.SP.800-61r2