Dear team,
Hope everyone is doing well and thank you for your patience! Also, thank you to [mentioned colleague] for putting together the Incident Response Control List. We think it's really useful and appropriate for readers who wish to study more about incident response.
The reader starts off not knowing the cause of the disruption (incident or outage); the framework helps narrow down the cause using a decision-tree-like method and leads to an appropriate incident response.
To do this, we developed an incident classification scale (chapter 4.2.2) based on:
- ENISA Cloud Security Incident Reporting
- NIST Computer Security Incident Handling Guide
- TR 62 Guidelines for Cloud Outage Incident Response
The scale goes from Incident Severity Level 1 to 5, with severity increasing up the scale.
In the next subchapter, 4.2.2.1, the key parameters used to measure impact are listed with example values for each Incident Severity Level. Readers should tweak these values to suit their own security requirements for each Incident Severity Level. From there, what we currently have in mind is to provide containment, eradication and recovery guidelines for each Incident Severity Level, perhaps in a table?
Let's take a week (until 11 June) to read through the draft and drop any thoughts/comments below. If there are no major objections, we'll proceed with a call for volunteers for each chapter / sub-chapter. Happy to clarify any questions. Thanks!
Best Regards,
Jane Chow
Jane Chow · Jun 4 · Notified 33 people