#IncidentResponse

Since 2017, our CLAW workshop has supported the international #research and #education community with #CrisisManagement planning and preparedness.

We spoke with Vladislav Bidikov (FINKI / UKIM, Skopje) to learn how the experience of CLAW inspired him to design and develop a course for university students: connect.geant.org/2024/11/12/f

#CONNECT47: connect.geant.org/connect47

Continued thread

Anyhow, the new 3rd revision of NIST 800-61 (formerly the Computer Security Incident Handling Guide) is fan-fucking-tastic.

It makes huge changes to the recommendations for process improvement, including not waiting until an incident is wrapped up to share your "lessons learned."

It also rips apart the traditional "phases" of incident response and re-maps the tasks in them to CSF 2.0 "functions." It even includes specific CSF 2.0 controls for each IR function.

Instead of phases of Preparation, Detection & Analysis, Containment/Eradication/Recovery, and Post-Incident Activities, we now have Govern, Identify, Protect, Detect, Respond, and Recover.

This is way more closely aligned with how real-world incidents play out in this, our most cursed timeline.

The document focuses far less on the "plan" for incident response and far more on the controls behind a good IR program.

I'm very happy with these changes, especially since I'm diving into the document to prepare for a big IR plan update at work.

A++, NIST.

I am way too excited about a compliance document.

#CyberSecurity #DFIR #IncidentResponse #InformationSecurity