Incident Response

Cyber Security Incident Response

A Cyber Security Incident Response Program is a key component of an Information Security Program. Risk assessments are an effective measure to reduce incidents, but there must be a capability to detect and manage the incidents that occur. Incident response is complex, requiring planning, people, process, and technology. Attacks are unpredictable and continuously evolving, which calls for improvement of the Incident Management Program and Continuous Monitoring for the attacks themselves. Effective information sharing can help an organization identify situations that are of greater severity and demand immediate attention.1

Please note:

  • We do vet all members - All members have been re-vetted within the last 12 months
  • FBI requires members to be U.S. citizens
  • Must pass a background check
  • Must stay active and log into site every 90 days or be re-vetted
  • Meetings are closed. This means members only. Members may bring a guest for recruitment purposes if they vouch for them
  • There are rules of non-disclosure
  • We do not share intellectual property
  • We sanitize what we share
  • What we do share is appropriately classified and marked based on content using the Traffic Light Protocol (TLP)
  • We have a process for content sharing that requires multiple levels of approval

InfraGard Member Information Sharing

InfraGard members are encouraged to share incident information with other members so that we can reduce the number of incidents across the community as a whole. Our members work in tactical roles, managing the day-to-day incidents in the environment. Working together we have the ability to:

  • Provide situational awareness
  • Take operational and tactical risk management actions
  • Carry out strategic response planning to address attacks

The hackers are working together - we need to level the playing field.

InfraGard Houston Information Sharing

As one of the most active chapters in the U.S., the Houston Chapter has many venues for sharing information.

  • Phishing Task Force: Collaborative effort to discuss best practices, innovative solutions, investigative techniques, incident response and practical approaches to communicate, perform trending analysis, provide security awareness and defend against phishing attacks in a timely manner
  • Special Interest Group (SIG): Each Special Interest Group focuses on a specific industry area and on topics of interest to that area.
  • Technology Tool Kit (TTK): The Technology Tool Kit (TTK) is intended to provide a collection of cyber security tools and guidance on their utilization, including an OpenSource Cyber Security Tool Repository, Educational Awareness on Cyber Security Tool Utilization, and Reference Materials for Cyber Security Tools
  • Websites: InfraGard Houston stores TLP White data on the Houston Public website (this one). The national InfraGard site is at http://www.infragard.org. The national site is used for data that is classified such that it cannot be shared on the public site.

 

1 National Institute of Standards and Technology Special Publication 800-61 Revision 2, Natl. Inst. Stand. Technol. Publ. 800-61 Revision 2, 79 pages (Aug. 2012), CODEN: NSPUE2, http://dx.doi.org/10.6028/NIST.SP.800-61r2

Warranty Disclaimer

Warranty Disclaimer: The FBI, InfraGard, and its affiliates provide information, including but not limited to software, documentation, training, and other guidance to be known as “materials”. The materials are provided as-is and we expressly disclaim any and all warranties, express or implied, including, and without limitation, the implied warranties of merchantability, fitness for a particular purpose, non-infringement, quiet enjoyment, and integration, and warranties arising out of course of dealing or usage of trade. You agree that, as between you and the FBI, InfraGard, and its affiliates, you are responsible for the outcome of the use of materials made available, including but not limited to adherence to licensing requirements, and taking legal and regulatory considerations into account. There is no guarantee of accuracy, completeness, timeliness, or correct sequencing of the information provided.