This article highlights the threat management process in incident response and brings in an understanding of the Kill Chain model. Excerpts have been taken from a session presented at SACON, The Security Architecture Conference. You can view the full slides here.
For a more in-depth session on Incident Response, Threat Intel and many more topics, sign up for SACON here.
3 Stages of the Incident Lifecycle
- Detection & Analysis
- Response & Recovery
- Post incident
Threat Management: NIST-Aligned Process
| Detection & Analysis | Detection & Analysis | Detection & Analysis | Response & Recovery | Response & Recovery | Response & Recovery | Post Incident |
|---|---|---|---|---|---|---|
| Analyse logs and information security events | Validate incident scale and consequence | Based on priority, assemble ISIRT, notify appropriate parties and escalate incidents (e.g. critical and high priority crisis and emergency incidents are escalated to the Country Emergency Manager) | Direct ISIRT, develop incident response plan, activate rapid response team if needed and communicate incident to internal and external stakeholders | Eradicate technical vulnerabilities and incident root causes | Recover affected information systems and business operations | Document lessons learnt |
| Identify potential information security incidents | Assign consequence, severity and priority ratings | Perform incident containment, investigation and root cause analysis, forensics and evidence management | Close incident | | | |
| Categorize incident | Review and confirm ratings | Create incident review report | | | | |
| | Endorse ratings | | | | | Develop and implement IS-IM improvement recommendations |