In February 2023 EGI CSIRT ran a security communication challenge which enabled verifying the security contact list. This is an important preparation part of the incident response.
At the end of the month, EGI CSIRT is about to run a security challenge which will simulate a real incident at CMS sites. The last such security exercise ran in 2019.
Running security drills is very important as it shows how well centers are prepared to respond to an incidents, CSIRT can verify its procedures, assess processes and train responders. The objective is to prepare the sites for the incident response, make them familiar with the security procedures and helps them identify which internal processes need (or not) to be improved for the incident response, so that they are prepared in case a real security incident happens.
Note that it is very important to contain the incident before eradiction. Minimise the damage by disabling or limiting connectivity, then collect the indicators of compromise which will serve for later analysis and then recover the system.
Recent Comments