3/20/2024 0 Comments Incident priority matrixIncident handlers should consider the effort necessary to actually recover fromĪn incident and carefully weigh that against the value the recovery effort will create and any requirements related to incident handling.Ĭombining the functional impact to the organization's systems and the impact to the organization's information determines the business impact of the incident – for example, a distributed denial of service attack against a public web server may temporarily In other cases, an incident may require far more resources to handle than what an organization has available. That a similar incident did not occur in the future. To recover from an incident (e.g., if the confidentiality of sensitive information has been compromised) and it would not make sense to spend limited resources on an elongated incident handling cycle, unless that effort was directed at ensuring The size of the incident and the type of resources it affects will determine the amount of time and resources that must be spent on recovering from that incident. An incident that results in the exfiltration of sensitive information may also affect other organizations if any of the data pertained to a partner organization. Incident handlers shouldĬonsider how this information exfiltration will impact the organization's overall mission. For example, a malicious agent may exfiltrate sensitive information. Incidents may affect the confidentiality, integrity, and availability of the organization's information. Incident handlers should consider not only the current functional impact of the incident, but also the likely future functional impact of the incident if Incident handlers shouldĬonsider how the incident will impact the existing functionality of the affected systems. Incidents targeting IT systems typically impact the business functionality that those systems provide, resulting in some type of negative impact to the users of those systems. Prioritized based on the relevant factors, such as the following: Incidents should not be handled on a first-come, first-served basis as a result of resource limitations. Prioritizing the handling of the incident is perhaps the most critical decision point in the incident handling process.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |