Incident Containment Process
An Incident Containment Process is a time-critical incident response process that can support incident containment tasks.
- AKA: Incident Isolation Process, Threat Containment Process, Incident Control Process.
- Context:
  - It can typically limit Incident Spreads through incident containment process isolation measures.
  - It can typically prevent Lateral Movements through incident containment process network segmentations.
  - It can typically preserve System States through incident containment process evidence preservations.
  - It can typically maintain Business Operations through incident containment process selective isolations.
  - It can typically enable Forensic Investigations through incident containment process artifact collections.
  - ...
  - It can often implement Network Isolations for incident containment process traffic blocking.
  - It can often disable User Accounts for incident containment process access prevention.
  - It can often quarantine Infected Systems for incident containment process malware isolation.
  - It can often snapshot System Images for incident containment process state preservation.
  - ...
  - It can range from being a Partial Incident Containment Process to being a Complete Incident Containment Process, depending on its incident containment process isolation scope.
  - It can range from being a Manual Incident Containment Process to being an Automated Incident Containment Process, depending on its incident containment process execution method.
  - It can range from being a Temporary Incident Containment Process to being a Permanent Incident Containment Process, depending on its incident containment process duration approach.
  - It can range from being a Graceful Incident Containment Process to being an Emergency Incident Containment Process, depending on its incident containment process urgency level.
  - It can range from being a Reversible Incident Containment Process to being an Irreversible Incident Containment Process, depending on its incident containment process restoration capability.
  - ...
  - It can integrate with Security Orchestration Platforms for incident containment process automation.
  - It can connect to Network Security Tools for incident containment process traffic control.
  - It can interface with Endpoint Detection Systems for incident containment process host isolation.
  - It can communicate with Incident Management Systems for incident containment process coordination.
  - It can synchronize with Backup Systems for incident containment process recovery preparation.
  - ...
- Example(s):
  - Network-Level Incident Containment Processes, such as:
    - Firewall Rule Containment Process, blocking malicious traffic patterns.
    - VLAN Isolation Process, segmenting compromised network segments.
    - DNS Sinkhole Process, redirecting malicious domain requests.
  - Host-Level Incident Containment Processes, such as:
    - System Quarantine Process, disconnecting infected endpoints.
    - Process Termination Process, stopping malicious processes.
    - Service Suspension Process, disabling compromised services.
  - Application-Level Incident Containment Processes, such as:
    - Account Lockout Process, disabling compromised user accounts.
    - API Throttling Process, limiting suspicious API calls.
    - Database Connection Termination Process, blocking malicious queries.
  - ...
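As an added example (not from this page or any product it names), the following models an Automated, Partial, Reversible host-level containment run over a constructed in-memory environment: it preserves a system image before the Process Termination step, tags each step as reversible or irreversible, and lifts only the temporary steps at rollback, which is the Temporary-versus-Permanent and Reversible-versus-Irreversible distinction the Context section draws. The `SimEnv`, `Step`, `execute`, `rollback` and `host_compromise_plan` names and all host, process, account and address values are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import List

@dataclass
class SimEnv:
    """In-memory stand-in for the EDR, identity and firewall APIs a real
    playbook would call (constructed for this example, not a real product)."""
    snapshots: set = field(default_factory=set)  # hosts with a preserved image
    isolated: set = field(default_factory=set)   # quarantined hosts
    killed: set = field(default_factory=set)     # terminated process ids
    disabled: set = field(default_factory=set)   # locked accounts
    blocked: set = field(default_factory=set)    # firewall-blocked addresses

@dataclass
class Step:
    name: str
    pool: set                      # the control the step acts through (see SimEnv)
    target: str                    # host, process, account or address it applies to
    host: str                      # host whose evidence the step could disturb
    reversible: bool = True        # False: stays in force after rollback
    needs_snapshot: bool = False   # True: refuse unless that host was imaged first

def execute(env: SimEnv, steps: List[Step]) -> List[Step]:
    """Apply steps in order and return the audit trail of applied steps."""
    log = []
    for s in steps:
        # Steps that destroy volatile state (e.g. killing the malicious process)
        # are refused unless the host was snapshotted earlier in the same run.
        if s.needs_snapshot and s.host not in env.snapshots:
            raise RuntimeError(f"{s.name}: no snapshot of {s.host}")
        s.pool.add(s.target)
        log.append(s)
    return log

def rollback(log: List[Step]) -> List[Step]:
    """Lift reversible steps newest-first; return the steps still in force."""
    for s in reversed(log):
        if s.reversible:
            s.pool.discard(s.target)
    return [s for s in log if not s.reversible]

def host_compromise_plan(env: SimEnv, host: str, pid: str, account: str, c2: str) -> List[Step]:
    """Partial, host-level containment: preserve, isolate, stop, lock, block."""
    return [
        Step("snapshot", env.snapshots, host, host, reversible=False),
        Step("quarantine_host", env.isolated, host, host),
        Step("kill_process", env.killed, pid, host, reversible=False, needs_snapshot=True),
        Step("disable_account", env.disabled, account, host),
        Step("block_c2", env.blocked, c2, host),
    ]
```

A plan that terminates the process before imaging the host is rejected by `execute` before any step runs, so the ordering rule is enforced rather than merely documented.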
- Counter-Example(s):
  - Incident Prevention Process, which stops incidents before they occur.
  - Incident Recovery Process, which restores systems after containment.
  - Forensic Analysis Process, which investigates but doesn't contain incidents.
- See: Incident Response Process, Digital Forensics Process, Security Incident Response Framework, Incident Management Process, Crisis Management, Emergency Response Procedure, Threat Mitigation, Security Control Mechanism, Disaster Recovery Process, Business Continuity Process, Evidence Preservation Process.