From the course: Cyber Crisis Management with NIST Cybersecurity Framework (CSF) 2.0
Learning from cyber incidents
- When we're done, you'll know how to learn from a cyber crisis and get better for next time. In the NIST Cybersecurity Framework, even though we're talking about a subject that has to do with Recover, we're actually in the Identify function and the Improvement activity. The identifier is ID.IM for improvements. Think of post-crisis analysis like being a detective at a crime scene. You're looking for clues to solve the mystery of what went wrong. Let's dive into how to do this well. First, let's talk about advanced debrief methods. It's like peeling an onion. You go layer by layer to find the core issues. One method is the five whys technique. You ask why five times to dig deep into the root cause. For example, why did the attack succeed? Why was that weakness there? Why, why, why? Keep going until you find the real reason. Next up is finding useful insights. This is like mining for gold in a mountain of data. You need to find the bits that will really help you improve. Look for…