
SECURITY INCIDENT FLOW DIAGRAM, PAGE 1

Initial Detection

An abnormal incident has occurred or is in progress.

  Is it a recognized security incident?
    Yes -> Functional Unit Supervisor's Actions (below).
    No  -> Is it a recognized IT incident?
             Yes -> Follow the unit's procedures to resolve
                    -> Submit incident report to ISO
                    -> End of incident.
             No  -> Inform the functional unit supervisor
                    -> Functional Unit Supervisor's Actions (below).

Functional Unit Supervisor's Actions

  Is it a recognized security incident?
    Yes -> Report incident to Security Unit
           -> Ongoing incident (Security Unit support and monitoring; continues on page 2).
    No  -> Verify configuration. Record current status of environment.
           -> Contain, isolate and characterize the problem for up to 2 hours.
           -> Has 24 hours passed?
                Yes -> Create status report to Security Unit
                       -> Security Unit support and monitoring (page 2).
                No  -> Has the incident been characterized?
                         No  -> Inform Security Unit of un-characterized incident
                                -> Security Unit support and monitoring (page 2).
                         Yes -> Incident with previously documented mitigation steps?
                                  Yes -> Follow the unit's procedures to resolve
                                         -> Submit incident report to ISO
                                         -> End of incident.
                                  No  -> Back to "Contain, isolate and characterize the problem"
                                         (repeat the 2-hour cycle until the 24-hour check is reached).
109 Security Incident Response Flow Diagram


SECURITY INCIDENT FLOW DIAGRAM, PAGE 2

Security Incident Investigation

Security Unit

  Security Unit support and monitoring (from page 1):
    - Advise on actions to take in the event a security incident is established.
    - Search for new security incidents with known information.

  Security incident?
    Yes -> Incident Response Team (below).
    No  -> Incident Response Team recommended or requested?
             Yes -> Incident Response Team (below).
             No  -> Functional unit provides report to ISO
                    -> End of incident.

Incident Response Team

  Ongoing incident (from page 1)
    -> Supervisor informs their Executive Management. ISO informs CISO.
    -> CIO and CISO invoke an incident response team to be formed with appropriate membership.
    -> Incident response team leader (ISO or designee) executes the team formation procedure.
    -> Team ensures containment or isolation of the incident:
         - Mitigate further damage or loss to data or the infrastructure.
         - Protect and collect all available information for forensic analysis.
         - Co-ordinate other resources, SMEs, vendors and appropriate authorities.
         - Communicate to management and PIOs.
    -> Follow published structured methodology guidelines and best practices.
    -> Analyze all available information.
    -> Functional unit(s) for impacted area(s) will publish workarounds, fixes and recommendations.
    -> Implement recommendations. Restore normal operations.
    -> CIO and CISO approve recommendations and restoration of service?
         No  -> Back to "Implement recommendations. Restore normal operations."
         Yes -> Hold a post-incident meeting.
                -> Publish new or modify existing guidelines, best practices, configurations and checklists.
                -> Report out as necessary to management teams, PIOs and appropriate authorities.
                -> Publish Security Incident Report Form. Disband incident team.
                -> End of incident.
