6 steps in the Incident Response Process:
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons learned
Escalation - When an incident has not yet been resolved, it is escalated to a higher level based on its priority. This lets the business focus more of its resources on the incident and solve it, always based on priority.
----///not required*
Types of Escalation
- Functional - When expertise in a particular field is required
- Hierarchical - When an authoritative decision from a higher level is required
----///not required*
Categorize incidents by priority, based on:
- Impact - Effect on the business, such as customers affected, business data, etc.
- Urgency - The time estimate to solve an incident
- Priority - Directly proportional to Impact and Urgency
----draw chart----
///--*not required--
Pre-requisites of Escalation
- Triggers
- Escalation Levels
- Well-defined Triggers for corresponding Escalation
----not required----*//
Levels of escalation:
Level 0/low:
Level 1/medium:
Level 2/high:
Level 3/critical:
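A sketch of how the priority factors and the two escalation types above could drive the four levels, added here as an example and not taken from any of the referenced policies. The 1-3 scales, the score cut-offs, the time limits, and the use of an elapsed-time trigger for hierarchical escalation are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Level names are the page's; the 1-3 scales, score cut-offs and time
# limits below are assumptions made for this example.
LEVELS = ["Level 0/low", "Level 1/medium", "Level 2/high", "Level 3/critical"]
TIME_LIMIT = [timedelta(hours=24), timedelta(hours=8),
              timedelta(hours=2), timedelta(minutes=30)]

@dataclass
class Incident:
    impact: int           # business impact, 1 (low) to 3 (high)
    urgency: int          # urgency, 1 (low) to 3 (high)
    opened: datetime
    needed_skill: str     # expertise the incident requires
    handler_skills: set   # expertise held by the current handler
    resolved: bool = False

def priority(impact: int, urgency: int) -> int:
    """Priority rises with both factors: score = impact * urgency."""
    if impact not in (1, 2, 3) or urgency not in (1, 2, 3):
        raise ValueError("impact and urgency must be 1, 2 or 3")
    return impact * urgency

def level(score: int) -> int:
    """Map a priority score (1..9) to an escalation level 0-3."""
    return 0 if score <= 2 else 1 if score <= 4 else 2 if score <= 6 else 3

def escalations(inc: Incident, now: datetime) -> list:
    """Return the (type, level) triggers that fire for an open incident."""
    if inc.resolved:
        return []
    lvl = level(priority(inc.impact, inc.urgency))
    fired = []
    # Functional: the handler lacks the expertise the incident needs.
    if inc.needed_skill not in inc.handler_skills:
        fired.append(("functional", LEVELS[lvl]))
    # Hierarchical: still open past the time limit for its level.
    if now - inc.opened > TIME_LIMIT[lvl]:
        fired.append(("hierarchical", LEVELS[lvl]))
    return fired

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)   # constructed sample incident
    inc = Incident(3, 3, t0, "forensics", {"helpdesk"})
    print(escalations(inc, t0 + timedelta(minutes=45)))
```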
Example of escalation at Tulane University
Example of escalation levels at Montana college & health institute:
(short brief from the pages)
https://www.mtech.edu/cts/policies/policies/escallation.pro..pdf
http://security.calpoly.edu/docs/standards/incident-response.pdf
ref:
http://www.slideshare.net/agnihotry/itil-incident-managementfor-beginners pg6
http://countuponsecurity.com/2012/12/21/computer-security-incident-handling-6-steps/
http://searchsecurity.techtarget.com/definition/incident-response
mohd. ref:-
http://www.slideshare.net/agnihotry/itil-incident-managementfor-beginners
(other usable links)-
https://federation.edu.au/__data/assets/pdf_file/0006/34656/Escalation-process-diagram.pdf
http://wiki.en.it-processmaps.com/index.php/Checklist_Incident_Escalation