
New Video from @JonGoodCyber on Cybersecurity
In this video, Jon Good addresses several crucial aspects of cybersecurity, including incident response, automation of security processes, and digital forensics techniques. He begins by emphasizing the importance of incident response policies, which describe how to react to security incidents and identify key personnel involved. Security incidents, such as data breaches, malware attacks, and similar events, require a rapid and effective response.
Jon explains that incident response plans provide detailed information on how personnel should react to an incident. These plans include definitions of incident types, team members and their roles and responsibilities. A communication plan is also essential to avoid communication errors, especially with the media or the public. Reporting requirements, internal and external communications, as well as interactions with law enforcement and customers are also addressed.
The incident response process includes several key steps: preparation, identification, containment, eradication, recovery, and lessons learned. Jon uses the acronym "PICERL" to help memorize these steps. He highlights the importance of automation in handling low-severity, routine security incidents, which frees analysts to focus on the more serious ones. Playbooks and runbooks are essential tools for automating these processes.
The video also covers digital forensics techniques, which are crucial for collecting and analyzing evidence. Jon stresses the importance of following appropriate procedures to ensure evidence is admissible in court. He explains concepts such as the chain of custody, legal hold orders, and data retention policies. Common types of evidence include video surveillance, interviews, event logs, and final reports.
Jon also discusses the challenges related to data management in the cloud, including audit rights clauses and data breach notification laws. He explains the order of volatility of data, which determines the order in which evidence should be collected, starting with the most volatile data. Specialized tools like dd, Mdump, WinHex, FTK Imager, and Autopsy are used to create forensic images and analyze systems without altering the original data.
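To make the order-of-volatility and chain-of-custody ideas above concrete, here is a small added example (not code from the video or from Jon Good) that sorts evidence sources most-volatile-first, opens a custody record by hashing an acquired image, and re-verifies the hash after a hand-off. The source names, the `examiner` field and the sample image bytes are assumptions constructed for the demo.

```python
import hashlib
from datetime import datetime, timezone

# Order of volatility, most volatile first (the RFC 3227 ordering):
# collect what disappears soonest before it is lost. Names are assumed.
VOLATILITY_ORDER = [
    "cpu_registers_cache",
    "memory",
    "network_state",
    "running_processes",
    "disk",
    "remote_logs",
    "physical_config",
    "archival_media",
]


def collection_plan(sources):
    """Return evidence sources sorted most-volatile-first.
    Unknown sources go last so nothing silently drops out of the plan."""
    rank = {name: i for i, name in enumerate(VOLATILITY_ORDER)}
    return sorted(sources, key=lambda s: rank.get(s, len(VOLATILITY_ORDER)))


def acquire(image_bytes, source, examiner):
    """Hash an acquired image and open its chain-of-custody record."""
    digest = hashlib.sha256(image_bytes).hexdigest()
    entry = {"who": examiner, "action": "acquired",
             "when": datetime.now(timezone.utc).isoformat()}
    return {"source": source, "sha256": digest, "custody": [entry]}


def transfer(record, from_person, to_person):
    """Append a hand-off to the custody log; every move must be recorded."""
    record["custody"].append({"who": f"{from_person} -> {to_person}",
                              "action": "transferred",
                              "when": datetime.now(timezone.utc).isoformat()})
    return record


def verify(record, image_bytes):
    """Re-hash the image: a mismatch means the evidence changed in transit."""
    return hashlib.sha256(image_bytes).hexdigest() == record["sha256"]


if __name__ == "__main__":
    image = b"constructed sample image\x00\x01\x02"  # stand-in for a dd image
    print(collection_plan(["disk", "memory", "network_state"]))
    rec = transfer(acquire(image, "disk", "examiner A"), "examiner A", "lab")
    print(verify(rec, image), verify(rec, image + b"tampered"))
```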
Finally, Jon talks about the importance of data recovery and eDiscovery, which involves collecting electronically stored information. He mentions that metadata is crucial and that forensic tools can recover deleted data. He concludes by emphasizing the importance of strategic intelligence to improve cyber resilience and security posture.
To learn more, watch the full video: https://www.youtube.com/watch?v=Is2RcF0FJL4