1) Security News [Reader: IT, IS, RISK]
It raises the security awareness of IT, IS, and RISK.
2) New Security Regulation (Specific) [Reader: IT, IS, RISK]
Once a newly added regulation is known, IT, IS, and RISK trigger a task to revise the corresponding policies and procedures.
3) New Vulnerabilities (Specific) [Reader: IT, IS]
IT and IS should follow up by triggering a hardening process against the newly published vulnerabilities.
4) New Threats (Specific) [Reader: IT, IS]
The risk assessment team should add the newly identified threats to the Threat Pool used by the Risk Assessment.
5) Data Leakage Investigation (Specific; data breaches found on the Internet and Darknet) [Reader: IT, IS, RISK, Management]
When a data leakage event happens, the Incident Response process should be triggered.
6) Indicators of Compromise (IOC) feeds (these can be loaded into threat detection systems) [Reader: IT, IS]
The feeds should include the categories below:
- IP Address
- Domain
- URL
- Transport-layer Port Number
- Email Address
- Filename
- File Path
- Hash (MD5 or SHA)
- String
The IOC feeds should be imported into threat detection systems such as IDS/IPS, UTM, Anti-Virus, or even SIEM.
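As an added example (not part of the original post, and not the code of any feed vendor or SIEM), the script below parses a small IOC feed in the categories listed above, validates and normalizes each indicator (hash length decides MD5/SHA-1/SHA-256, IPs are parsed, domains and emails are shape-checked), rejects malformed entries, and then runs the accepted indicators over a handful of log lines the way a SIEM match rule would. The feed entries, the `category,value` format, the log lines, and the field names `dport`/`dst_port`/`dpt` are all constructed for this illustration.

```python
"""Parse an IOC feed, validate each indicator by category, and run the result
over sample log lines as a SIEM match rule would. Added, stand-alone example;
the feed entries, feed format and log lines are constructed."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed feed: "category,value" per line. The last two lines are
# deliberately malformed to show that they are rejected, not loaded.
SAMPLE_FEED = """\
ip,203.0.113.45
domain,bad-example.invalid
url,http://bad-example.invalid/update.php
port,4444
email,phish@bad-example.invalid
filename,invoice_2024.scr
path,C:\\Users\\Public\\svch0st.exe
hash,d41d8cd98f00b204e9800998ecf8427e
hash,e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
string,Mozilla/4.0 (compatible; MSIE 6.0; BotAgent)
ip,999.1.1.1
hash,not-a-hash
"""

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-f]+$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z0-9-]{2,63}$", re.I)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


@dataclass(frozen=True)
class Indicator:
    category: str
    value: str
    subtype: str = ""  # "md5"/"sha256" for hashes, "ipv4"/"ipv6" for IPs


def validate(category: str, value: str) -> Indicator:
    """Return a normalized Indicator, or raise ValueError for a bad entry."""
    if category == "ip":
        addr = ipaddress.ip_address(value)  # raises on 999.1.1.1 etc.
        return Indicator("ip", str(addr), f"ipv{addr.version}")
    if category == "domain" and DOMAIN_RE.match(value):
        return Indicator("domain", value.lower())
    if category == "url" and urlparse(value).scheme in ("http", "https") and urlparse(value).netloc:
        return Indicator("url", value)
    if category == "port" and 0 < int(value) < 65536:
        return Indicator("port", str(int(value)))
    if category == "email" and EMAIL_RE.match(value):
        return Indicator("email", value.lower())
    if category == "hash":
        digest = value.lower()
        if len(digest) in HASH_LENGTHS and HEX_RE.match(digest):
            return Indicator("hash", digest, HASH_LENGTHS[len(digest)])
    if category in ("filename", "path", "string") and value.strip():
        return Indicator(category, value)
    raise ValueError(f"rejected {category}: {value}")


def parse_feed(text: str):
    """Split feed text into (accepted indicators, rejected raw lines)."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        category, _, value = line.partition(",")
        try:
            accepted.append(validate(category.strip().lower(), value.strip()))
        except ValueError:
            rejected.append(line)
    return accepted, rejected


def _token_pattern(value: str) -> re.Pattern:
    # Match at token boundaries only, so 203.0.113.4 does not hit 203.0.113.45;
    # case-insensitive so an upper-case hash in a log still matches.
    return re.compile(r"(?<![\w.\-])" + re.escape(value) + r"(?![\w.\-])", re.I)


def matches(ind: Indicator, line: str) -> bool:
    """Apply the matching rule appropriate to the indicator category."""
    if ind.category in ("ip", "domain", "email", "hash", "filename"):
        return _token_pattern(ind.value).search(line) is not None
    if ind.category == "port":
        # A bare number is far too noisy; require a destination-port field.
        return re.search(r"\b(?:dport|dst_port|dpt)=" + ind.value + r"\b", line) is not None
    # url, path, string: plain case-insensitive substring match
    return ind.value.lower() in line.lower()


def scan_logs(indicators, log_lines):
    """Return (line_number, category, value) for every indicator hit."""
    return [(n, ind.category, ind.value)
            for n, line in enumerate(log_lines, 1)
            for ind in indicators if matches(ind, line)]


# Constructed log lines in firewall / proxy / AV / mail-gateway style.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z fw allow src=10.0.0.5 dst=203.0.113.45 dport=443",
    'proxy GET http://bad-example.invalid/update.php ua="Mozilla/4.0 (compatible; MSIE 6.0; BotAgent)"',
    "av scan file=C:\\Users\\Public\\svch0st.exe sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "2024-05-01T10:02:00Z fw allow src=10.0.0.7 dst=198.51.100.9 dport=4444",
    "mail from=alice@corp.example to=bob@corp.example subject=hello",
]

if __name__ == "__main__":
    iocs, bad = parse_feed(SAMPLE_FEED)
    print(f"loaded {len(iocs)} indicators, rejected {len(bad)}: {bad}")
    for hit in scan_logs(iocs, SAMPLE_LOGS):
        print("HIT line %d %s=%s" % hit)
```

Two design points carry over to a real import: validation belongs at feed-ingest time, because one malformed or over-broad entry (a bare port number, a one-character "string") will otherwise flood the SIEM with false positives; and a domain indicator is expected to fire on any URL under that domain, so the proxy line above produces both a URL and a domain hit, which is usually what an analyst wants when triaging.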
7) Action Plan (Specific; in response to new regulations, vulnerabilities, threats, and IOCs) [Reader: IT, IS, RISK, Management]
Nice blog. Incident response process is the entire lifecycle of an incident investigation, while incident response procedures are the specific tactics you and your team will be involved in during an incident response process.