Strategies for better incident response – a webinar preview

By Gregory Moore

Focused on the special needs of the research and education community, ResearchSOC webinars provide on-demand, how-to training for IT and cybersecurity professionals supporting open science research projects.

On June 25, 3pm ET, Josh Drake will present: “Strategies for better incident response.” We spoke with Drake about his goals for the webinar.

I had been a system admin and applications engineer for about ten years before I moved into network administration, data center management, and then more recently at CACR becoming a security analyst.

I currently work for various NSF projects where I do incident response. One of those is the ResearchSOC, where we provide incident response guidance for our clients and some policy advising. I’m also a member of the security team for the Open Science Grid, where we do incident response policy. I also run a number of incident response tabletops, for IU for the graduate school and their cybersecurity program. We’ve done a few of those, as well as tabletop exercises for operational and security personnel at Open Science Grid.

For the webinar, this incident response training is one that we’ll be doing for the second time. We presented it at the NSF cybersecurity summit in October in San Diego. Incident response is a big topic. It encompasses a lot of both planning in writing policies and taking inventory of your assets. And it also involves a lot of follow up and iteration on improving that process.

What we want people to get out of the training is to be able to take a look at the core steps of handling an incident effectively. I could give a list of 20 steps someone should take in doing incident response. But what I want to be able to do is take an organization that doesn’t have a response system in place and look at what are the key things your organization needs to meet your own priorities by identifying what the key components are and creating a set of priorities for an organization. We can boil that down to an outline that they will be able to take away and flesh out after the webinar.

To find out more about upcoming ResearchSOC webinars, register for an event, or view on-demand webinars, please visit our webinars page.

The Research Security Operations Center (ResearchSOC) is a collaborative security response center that addresses the unique cybersecurity concerns of the research community. ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. For more information on the ResearchSOC, visit our website or email rsoc@iu.edu.