Formalize Security Incident Response
Create workflows to respond to security incidents more efficiently.
Follow a Framework When Building Workflows
Follow the security incident management framework when building workflows to help ensure all aspects of the response process are formalized.
Identify Security Weak Points in Current Processes
Use the process of building security incident response workflows to identify maturity gaps and risks in existing organizational processes.
Security Incident Management Framework
You will experience incidents.
Save your organization response time and confusion by developing your own specific incident use cases.
The results of incident response must be analyzed, tracked, and reviewed regularly.
Without a comprehensive understanding of incident trends and patterns, you can be revictimized by the same attack vector.
Good internal communication is key to a more effective incident response.
Security Incident Response Team members come from departments that don’t usually work closely with each other. This means they often have different ways of thinking and speaking about issues. Be sure they are familiar with each other before a crisis occurs.
Build Prepare and Detect Phases
Select a security incident type to build a workflow for, then define that workflow’s ownership. Begin to create the workflow by identifying how the security incident can be detected.
Build Analyze and Contain Phases
Determine how the detected security incident will be analyzed to ensure it is fully resolved, then determine how the analyzed security incident will be completely contained.
Build Eradicate and Recover Phases
Define how the organization will identify and eradicate all components of the root cause of the contained security incident, then define how the organization will recover from the eradicated security incident.
Build Post-Incident Activities Phase
Determine the process for completing post-incident activities such as assessing response quality, determining incident costs, and potentially sharing information with key stakeholders.