Learn about the importance of identification in cybersecurity incident response
Welcome to the third episode of our Energy Talks miniseries titled Why Should You Talk About Incident Response? Join OMICRON cybersecurity consultant Simon Rommer as he explores the different process steps involved in cybersecurity incident response alongside other experts from the power industry.
In this episode, Simon speaks with Johann Stockinger, who is Head of Digital Forensics and Incident Response at the Deutsche Telekom Security Operations Center. Simon and Johann talk about the importance of Identification, which is the second step in the incident response process.
Johann highlights the complexities of cybersecurity, particularly in the context of data overload, the importance of historical data analysis, and proactive threat hunting. He emphasizes the role of SIEM in security operations, the necessity of specialized tools in operational technology (OT) security, and the convergence of IT and OT security monitoring.
Johann also highlights the importance of contextualizing alerts for effective incident response, building a comprehensive incident timeline, and the critical collaboration between IT and OT teams in cybersecurity defense.
If you haven’t already listened to Part 1 and Part 2 of this miniseries, be sure to check them out:
https://www.omicronenergy.com/en/energy-talks-podcast/85-why-should-you-talk-about-incident-response-part-1/
https://www.omicronenergy.com/en/energy-talks-podcast/95-why-should-you-talk-about-incident-response-part-2/
We welcome your questions and feedback. Simply send us an email to [email protected].
Please join us to listen to the next episode of Energy Talks.