Incident Management Life Cycle

Everyone loves to throw the term “life cycle” around like it actually means something, so I figure I will join the crowd and get one of my own.

Today we will discuss the life cycle of managing an incident. Here’s my take on this:

Definition

  • Define what constitutes an incident as concrete rules or queries (a signature, a threshold, a correlation condition) that can be run against the data you actually collect

Detection

  • Detect occurrences of incidents based on that definition, either in real time or through historical analysis of stored data
  • Correlate multiple related events or alerts (for example, several failed logins followed by a success from the same source) to identify policy violations that no single event reveals

Alert/Act

  • Alert the appropriate personnel based on priority and pre-defined alerting mechanisms (paging for urgent incidents, a ticket or digest for the rest)
  • Sometimes preliminary action is taken to mitigate the attack first, and further investigation follows once the immediate damage is limited

Classification

  • Properly prioritize and categorize the incident, taking into account both the severity of the activity and the criticality of the affected asset, so that it is escalated accurately

Investigation

  • Investigate the incident to assess its scope and impact and to determine its root cause

Resolution

  • Resolve or respond to incidents in order to minimize adverse impact.
  • Contain, eradicate and recover

Report/Audit

  • Report on events and incidents to support trending and planning
  • Audit those reports to identify anomalies or incidents missed by the normal process
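
As a worked example of the definition, detection, correlation and classification steps above (added here; this is not code from the original post), the following Python runs two rules over a constructed, syslog-style SSH log. The rule is data rather than code, so it can be tuned without touching the pipeline; the correlation step fires only when a burst of failed logins is followed by a successful one from the same source, and the classification step combines rule severity with asset criticality before picking an alert route. The rule names, the asset-criticality table, the alert routes and the log lines are all made-up assumptions.

```python
"""Rule definition, detection, correlation and classification over sample log lines."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample auth log (not captured from any real system).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z host=web1 sshd: Failed password for root from 203.0.113.5
2024-03-01T10:00:03Z host=web1 sshd: Failed password for root from 203.0.113.5
2024-03-01T10:00:05Z host=web1 sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:07Z host=web1 sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:09Z host=web1 sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:12Z host=web1 sshd: Accepted password for admin from 203.0.113.5
2024-03-01T10:05:00Z host=db1 sshd: Failed password for backup from 198.51.100.7
2024-03-01T10:30:00Z host=db1 sshd: Accepted publickey for backup from 198.51.100.7
2024-03-01T11:00:00Z host=web2 sshd: Failed password for root from 192.0.2.9
2024-03-01T11:00:02Z host=web2 sshd: Failed password for root from 192.0.2.9
2024-03-01T11:00:04Z host=web2 sshd: Failed password for root from 192.0.2.9
2024-03-01T11:00:06Z host=web2 sshd: Failed password for root from 192.0.2.9
2024-03-01T11:00:08Z host=web2 sshd: Failed password for root from 192.0.2.9
2024-03-01T11:00:10Z host=web2 sshd: Failed password for root from 192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) sshd: (?P<result>Failed|Accepted) "
    r"(?:password|publickey) for (?P<user>\S+) from (?P<src>\S+)$"
)


# Definition: the incident is described as data (threshold, window, correlation), not code.
@dataclass(frozen=True)
class Rule:
    name: str
    category: str
    severity: int          # 1 (low) .. 5 (critical)
    threshold: int         # failed logins from one source against one host ...
    window: timedelta      # ... within this much time
    require_success: bool  # correlate with a later successful login from the same source


RULES = [  # highest severity first; the first rule that fires for a (host, src) pair wins
    Rule("ssh-bruteforce-then-success", "account-compromise", 5, 5, timedelta(minutes=1), True),
    Rule("ssh-bruteforce-attempt", "intrusion-attempt", 3, 5, timedelta(minutes=1), False),
]

# Classification inputs (hypothetical): asset criticality is added to rule severity.
ASSET_CRITICALITY = {"db1": 2, "web1": 1, "web2": 1}
ROUTES = {"P1": "page-oncall", "P2": "open-ticket", "P3": "daily-digest"}


def parse(lines):
    """Turn raw log lines into (ts, host, result, user, src) tuples; skip lines that don't match."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["host"], m["result"], m["user"], m["src"]))
    return sorted(events)


def detect(events, rules=RULES):
    """Detection + correlation: at most one incident per (host, src), for the first rule that fires."""
    by_pair = defaultdict(list)
    for ev in events:
        by_pair[(ev[1], ev[4])].append(ev)
    incidents = []
    for (host, src), evs in by_pair.items():
        failures = [e[0] for e in evs if e[2] == "Failed"]
        successes = [e[0] for e in evs if e[2] == "Accepted"]
        for rule in rules:
            hit = None  # timestamp of the failure that completes a burst inside the window
            for i in range(len(failures) - rule.threshold + 1):
                first, last = failures[i], failures[i + rule.threshold - 1]
                if last - first <= rule.window:
                    hit = last
                    break
            if hit is None:
                continue
            # Correlation: the burst must be followed by a success within one window.
            if rule.require_success and not any(hit <= s <= hit + rule.window for s in successes):
                continue
            incidents.append({"rule": rule.name, "category": rule.category, "host": host,
                              "src": src, "severity": rule.severity, "time": hit})
            break
    return incidents


def classify(incident):
    """Priority from severity plus asset criticality, then the alert route for that priority."""
    score = incident["severity"] + ASSET_CRITICALITY.get(incident["host"], 0)
    priority = "P1" if score >= 6 else "P2" if score >= 4 else "P3"
    return {**incident, "priority": priority, "route": ROUTES[priority]}


def run(log_text=SAMPLE_LOG):
    """Whole pipeline; returns classified incidents and a per-category count for reporting."""
    incidents = [classify(i) for i in detect(parse(log_text.splitlines()))]
    return incidents, dict(Counter(i["category"] for i in incidents))


if __name__ == "__main__":
    found, summary = run()
    for inc in found:
        print(inc["priority"], inc["route"], inc["rule"], inc["host"], inc["src"])
    print(summary)
```

On the sample data the burst against web1 that ends in a successful login becomes a P1 paged to the on-call, the burst against web2 with no success becomes a P2 ticket, and the single failure on db1 followed later by a key-based login produces nothing, which is the point of correlating before alerting. The same `detect` function works for real-time use by feeding it the events of a rolling window rather than a whole file.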
