Definitions
- First Responder/First level review
  - The first person to be on scene or to receive notification of an event. Organizations should provide training to the first responder to recognize and properly react to emergency circumstances.
- Help Desk Ticket (Control)
  - An electronic document captured in a database and issue tracking/resolution system.
- Ticket Owner
  - The person reporting the event, the principal owner of the assets associated with the event, or the common-law or jurisdictional owner.
- Escalation Report (Control)
  - The First Responder's documentation for ticket escalation. The Responder writes this information into the ticket or the WIKI log for the event; the ticket references the WIKI log for the event.
- Second Tier
  - Senior technical resources assigned to resolve an escalated event.
- Incident Coordinator
  - The individual assigned by organization senior management to assemble the incident response team and to manage and document the response to the incident.
- Investigation Status Report (Control)
  - Documentation of the current investigation results. The coordinator may document this material in the ticket, the WIKI, or an engineer's journal.
- Meeting Minutes (Control)
  - Documentation of the incident team meeting. The minutes record the attendees, the current nature of the incident, and the recommended actions. The coordinator may document this material in the ticket, the WIKI, or an engineer's journal.
- Lock-down Change Control
  - A process ordered as a resolution to the incident. This process follows the same authorization and response requirements as an Emergency Change Control.
- Test Report (Control)
  - This report validates that IT personnel have performed all necessary and available repairs to systems prior to bringing them back online.
- War Room
  - A secure environment for review of confidential material and the investigation of a security incident.
- Report to Senior Management (Control)
  - The incident coordinator is responsible for drafting a senior management report. The coordinator may document this material in the ticket, the WIKI, or an engineer's journal.
Incident Response Steps
- Detection: An incident can be detected by a sensor, a network analyst, or a user reporting something unusual with his/her PC.
- Containment: In the event of malicious network traffic or a computer virus, the Incident Response Manager should stop the traffic by taking the computer off the network.
- Clean: Run a virus scan to remove the virus, or wipe the computer clean and reimage the machine.
- Reverse Engineering: Use computer forensics tools to understand why the malicious traffic occurred in the first place. Once the incident is completely understood, make plans to decrease your future risk.
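The controls defined above (Escalation Report, Test Report, Report to Senior Management) are only useful if the workflow refuses to move on without them; in particular, a system should not come back online before the Test Report exists. The following is an added example, not code from the original page: a small Python ticket state machine that walks a constructed virus incident through detection, escalation, containment, clean and restore, and rejects any transition whose required control has not been recorded. The stage names, the `Ticket` class, the ticket id `HD-0001`, the host name `WS-17` and the control keys are all assumptions made for the illustration.

```python
"""Incident ticket workflow with control checkpoints.

Hypothetical example (not from the original page): the ticket is a small
state machine, and a transition is refused until the control document the
page calls for (Escalation Report, Test Report, senior management report)
has been recorded on the ticket.
"""
from dataclasses import dataclass, field
from enum import Enum


class Stage(Enum):
    DETECTED = "detected"      # first responder opened the ticket
    ESCALATED = "escalated"    # handed to second tier
    CONTAINED = "contained"    # host removed from the network
    CLEANED = "cleaned"        # scanned or reimaged
    RESTORED = "restored"      # back online, only after the Test Report
    CLOSED = "closed"          # senior management report filed


# Control that must be on the ticket before entering the given stage.
REQUIRED_CONTROL = {
    Stage.ESCALATED: "escalation_report",
    Stage.RESTORED: "test_report",
    Stage.CLOSED: "senior_management_report",
}

# Permitted order of stages (a detected event may be contained directly
# by the first responder or escalated first).
NEXT = {
    Stage.DETECTED: {Stage.ESCALATED, Stage.CONTAINED},
    Stage.ESCALATED: {Stage.CONTAINED},
    Stage.CONTAINED: {Stage.CLEANED},
    Stage.CLEANED: {Stage.RESTORED},
    Stage.RESTORED: {Stage.CLOSED},
    Stage.CLOSED: set(),
}


class ControlMissing(Exception):
    """Raised when a stage is entered without its required control."""


@dataclass
class Ticket:
    ticket_id: str
    owner: str
    stage: Stage = Stage.DETECTED
    controls: dict = field(default_factory=dict)  # control name -> text
    log: list = field(default_factory=list)       # audit trail of actions

    def record(self, control: str, text: str, author: str) -> None:
        """Attach a control document (escalation report, test report...)."""
        self.controls[control] = text
        self.log.append(f"{author} recorded {control}")

    def advance(self, to: Stage, actor: str) -> Stage:
        """Move to the next stage, enforcing order and required controls."""
        if to not in NEXT[self.stage]:
            raise ValueError(f"cannot go from {self.stage.value} to {to.value}")
        needed = REQUIRED_CONTROL.get(to)
        if needed and needed not in self.controls:
            raise ControlMissing(f"{to.value} requires {needed}")
        self.log.append(f"{actor}: {self.stage.value} -> {to.value}")
        self.stage = to
        return to


def run_sample_incident() -> Ticket:
    """Walk a constructed virus incident through all stages."""
    t = Ticket("HD-0001", owner="alice")  # constructed sample ticket
    t.record("escalation_report", "AV alert on WS-17, unknown binary", "first_responder")
    t.advance(Stage.ESCALATED, "first_responder")
    t.advance(Stage.CONTAINED, "second_tier")  # host pulled off the network
    t.advance(Stage.CLEANED, "second_tier")    # machine reimaged
    try:
        t.advance(Stage.RESTORED, "second_tier")  # refused: no Test Report yet
    except ControlMissing:
        t.log.append("restore refused: test report missing")
    t.record("test_report", "reimaged, patched, AV scan clean", "second_tier")
    t.advance(Stage.RESTORED, "second_tier")
    t.record("senior_management_report", "root cause: phishing attachment", "coordinator")
    t.advance(Stage.CLOSED, "coordinator")
    return t


if __name__ == "__main__":
    for line in run_sample_incident().log:
        print(line)
```

The point of the guard is that the Test Report check is enforced in code rather than left to memory: the first attempt to restore the host fails and is written to the audit trail, and the restore only succeeds once the report is on the ticket.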