[Figure 8.10 (flowchart; only its labels survive extraction). Numbered phases shown: Triage, Escalates to, Notifies via, Review & Feedback, Identifies, Isolates, Treats, Restores, Announces, RCA (Root Cause Analysis). Actors shown: Incident Detector, CSIRT Front-End, CSIRT, SME's/Specialized Groups, FIRST/CERT/Other, AV Team, E-commerce Team, On-site Team, Help desk agent, User. Activity labels shown: Verify Symptom As Problem, Identify Actual Problem, Inoculate Infected System, Physically Disconnect, Segment Network Traffic, Shutdown Process, Enumerate priorities (TBD), Service Restore, Clean Version, Share Lessons Learned, Minimize Probability of Recurrence, Minimize Effect of Recurrence. Notification channels shown: E-mail, Phone, On-line Ticketing, Automated Sensor, SNMP, Post Alert. Supporting resources shown: Contact Lists, Announcements, Etc., Incident Tracking, Knowledge Repository, Databases. Annotation shown: "May be symptom; at this point treating the symptom is paramount."]
Figure 8.10 incident response taxonomy.