Incident preparation begins before a cyber incident occurs, and the impact of an incident on the business can continue well after it is remediated. But how do you build an effective response plan?

In these three 90-minute sessions, cybersecurity expert and former State of Texas CISO Brian Engle will uncover the key to creating a robust IR Plan along with what you need to properly contain, investigate, and respond to a cyber incident. He’ll also detail best practices and controls that will result in response success. Additionally, the sessions will walk through what is needed for proper documentation of an incident. This crucial step will benefit the business by recording key details to support an insurance claim and/or help with any legal proceedings or litigation that may occur.

Session 1: Preparation, Detection, and Initiating the Response Process

Fortune favors the prepared. In this first session we’ll set the stage for handling incidents by constructing our response plan. Beyond the basics of roles, responsibilities and aligning the resources that are needed for an effective incident response, the session will include evaluating where prevention and protection may break down. Additionally, the session will highlight the importance of communication within teams and of working together at the onset of potential incidents to minimize the chaos that can occur when things start going wrong.

The second part of this session will focus on incident handling once the alarm bell is sounded. We’ll focus on ways to document and track response activities while also diving into analysis techniques to help ferret out facts, develop theories, and deal with incomplete information that will be a part of the incident response during the early stages.

Session 2: Containment and Eradication

Limiting damage and eliminating the threat. During the second session we’ll go deeper into the response process, looking at how to stay on track with the response plan as well as how to adjust as needed to unforeseen circumstances. Communication remains a priority and we’ll look at framing the message into what you currently know, what you currently speculate with degrees of confidence, what you need in order to know more, and when.

The second part of this session will evaluate techniques to compartmentalize the damage, monitor and detect lateral movement, and utilize your defender’s advantage of knowing the landscape and what’s most valuable. Other considerations during this session include monitoring external environments, including threat exchanges and dark web forums, safely and securely until you are able to recover and return to normal operations.

Session 3: Putting It All Together, and Putting the Plan into Practice

Practice makes perfect. In this final session, we’ll put it all together and look at post-incident activities that include hotwash sessions, lessons learned and securing/retaining evidence. Important facets of the post-incident phase are improving our response plan, improving our protections, and improving our detection capabilities, all in preparation for next time, because there will be a next time.

To wrap up what we’ve learned, we’ll look at how to conduct a table-top exercise as well as how to create your own scenarios using the headlines describing other incidents. Looking at the events that occur within your particular vertical, or abstracting details until the scenario is plausible for your organization, will help align your preparations to how attackers are currently behaving in the wild.

Register for "Building and Evaluating an Effective Incident Response Plan" to discover best practices in Detection, Analysis, Recovery, and Post-Incident actions, all while earning CPE credits. And don’t worry about your schedule. If you miss any sessions, you can watch them on demand. Either way, you’ll be on track for a more effective Incident Response.

Location and cost:

These three 90-minute sessions will be conducted live using the ON24 webcast platform. You can take this course on the live dates or by viewing the on-demand recordings. Recordings will be available through December 2018.

Course price: $495 (includes all three parts)

Attendees will earn 5 CPE credit hours.

If you have any questions, please contact Tom Bechtold at or 503-303-7871.

Instructor: Brian Engle
Fractional CISO, CyberDefenses, Inc.

Brian has built and led dynamic organizations focused on cybersecurity risk management, information security, and threat information sharing. He recently served as the Executive Director of the Retail Cyber Intelligence Sharing Center. Prior to that, Brian served in the role of CISO for the State of Texas and for a Fortune 500 organization. Prior to that, Brian served in cyber security roles for banking and high tech organizations.

Brian’s specialties include risk management, project management, and cost-effective delivery of appropriate security solutions within organizational risk tolerances. He is a consummate generalist with a background in effective incident response & management, security and network operations, vulnerability and threat management, as well as technical compliance evaluation and gap analysis.