Define your security incident management program in the following sections:
- Purpose and mission
- Definitions
- Organizational approach to incident response
- Roles and responsibilities
- Process
- Identification and classification confirmation
- Incident severity classification
Formalize the security incident management program by defining a central, high-level guide to describe goals, roles, and responsibilities, as well as the process that will underlie all incident classification and response.
2 Comments
This is a confusing document. The content is good, but the layout is illogical and disjointed. Using the sample diagram as a basis for discussion, the incident response process is described three different ways in the content of the document (if you include the diagram). The first does not follow the sample diagram, and the second does to a great extent. Wouldn't it make more sense to combine all like information? Combine the best of "Identification" from the first and second parts together, and do the same for "Containment", "Investigation", and so on. I think you'd have a better product if similar information were combined and addressed at the same time.
For example:
Diagram: Identification, Containment, Analysis, Escalation, Resolution, Closure, (Recording all along)
Part 1: Identification, Containment, Eradication, Recovery, Follow-up, Retention
Part 2: Identification, Containment, Investigation, Escalation, Resolution, Recording, Continuous Improvement, Close
Thank you for the feedback. We’re glad you found the content helpful. As for the layout, we’ve relayed your feedback to the research team and have noted it for the next research refresh process. We are always working to continuously improve our products and love to hear feedback from users, such as yourself. If you have any other feedback or questions, please don’t hesitate to contact us.