2 Pager for Quick Actions
Incident Management
The purpose of this document is to provide high-level guidance on industry best practices for incident response and incident management.
Compliance and Auditing
- NIST-CSF 800-53 r. 5
  - PR.PO-P7 & PR.IP-9
  - Controls: CP-1, CP-2, CP-7, CP-10, IR-1, IR-7, IR-8, IR-9
- ISO 27001
  - IR-1
  - Controls: 5.2, 5.3, 7.5.1, 7.5.2, 7.5.3, A.5.1.1, A.5.1.2, A.6.1.1, A.12.1.1, A.18.1.1, A.18.2.2
Incident Severity
- High: Impact to the business, partners, and key stakeholders. Trigger for contacting the Leadership Team.
- Medium: Has the potential to impact the business in a meaningful way. Trigger for contacting the Tactical Support Teams.
- Low: Handled within the Security team; does not require communication outside of Security.
Incident Response Process
Detection, Analysis, Containment, Remediation, and Post-Incident Analysis
(This framework is based on NIST v3, 4, 5 and ISO 27001.) Its major focus is to break out the critical steps once an incident has been identified.
CORE Security Team
- Incident Response Analyst
- Tool Owner / DevSecOps
- Incident Commander / CISO
Tactical Support Teams
- Infrastructure Team
- Networking Team
- Server / Desktop Team
- Applications Team
Leadership Teams
Leaders from this list are engaged as needed:
- CISO – as the CORE Representative
- Legal Counsel
- Marketing
- Executive Team Members
- IT Leadership
- Business Area Leadership
Incident Response: Business Risks
- Loss of Critical System Functionality
- Potential for Data Corruption
- Exfiltration of Sensitive Data
One thing I wonder about is how we get from point A to point B.