Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Forums it-sa Expo Knowledge Forum C

Cyber Incident Response - Plan for what you are most afraid of!

The presentation will show how effective cyber incident response processes can be developed and which stumbling blocks can occur.

calendar_today Tue, 12.10.2021, 10:30 - 10:45

event_available On site

place Hall 7, Knowledge Forum C

Action Video


Action description







Awareness / Phishing / Fraud SIEM / Threat Analytics / SOC


This action is part of the event Forums it-sa Expo

Action Video

grafischer Background

This video is available to the it-sa 365 community. 
Please register or log in with your login data.

Action description

24 hours for the recovery of the IT infrastructure for the email services and voice over IP and 48 hours for the recovery of the production infrastructure!

These were the requirements of an (anonymised) customer project for the development of practice-oriented recovery and restart plans after several locations were affected by cyber-attacks in the past. In the presentation "Cyber Incident Response - Plan for what you are most afraid of!" it will be shown how an effective Cyber Incident Response Management can be developed.

Based on different scenarios developed with the customer, methods are presented on how to minimise the impact of cyber incidents and how to develop processes in the following phases: identification, analysis, containment, eradication, recovery and post incident activities. The focus here is on processes and organisational measures that go beyond technical measures for analysing and eliminating malware. These include exemplary activities such as escalation and de-escalation, reporting to the data supervisory authority, but also easily overlooked activities and stumbling blocks such as the failure of IT-supported forklifts. Because according to the manufacturer, the replacement of the forklift IT takes up to 3 months and is thus strongly contradictory to the above-mentioned demands on the part of the management.

In addition to the examples mentioned, the presentation will point out further stumbling blocks, but also success factors, which are not mentioned in the current norms and standards.
... read more

Language: German

Questions and Answers: No


show more

This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.