Part 1: Preparation - Introduction and Landscape - STFC and UKRI position - Security Culture - Case study, hypothetical "NewService" for "SomeProject" - Before the break, we will make preparations - *Always better to start small and build* - During the break this service will sadly be compromised - After the break: how do we respond? - Risk Assessment - Asset management and Service catalogue - Patching - Hardening - only install what's needed, - know what ports are open *and why*, - config management - Monitoring...

Part 2: Response - NewService has been compromised! - First steps: Incident Response Procedure - Who do they talk to? - What do they do? - What documentation should someone gather? - Case Study: What does an incident look like? - Service view - CSIRT view - Reporting and post mortem