Security Incident Response Framework
A Security Incident Response Framework is a structured operational security crisis management framework that can support security incident response tasks.
- AKA: Incident Response Plan, Cyber Incident Response Framework, Security Event Response Framework.
- Context:
- It can typically detect Security Incidents through security incident response monitoring systems.
- It can typically classify Incident Severity Levels through security incident response triage processes.
- It can typically coordinate Incident Response Teams through security incident response communication protocols.
- It can typically contain Security Breaches through security incident response containment procedures.
- It can typically preserve Digital Evidence through security incident response forensics protocols.
- ...
- It can often perform Root Cause Analyses for security incident response investigation.
- It can often execute Incident Recovery Plans for security incident response restoration.
- It can often conduct Post-Incident Reviews for security incident response improvement.
- It can often trigger Regulatory Notifications for security incident response compliance.
- ...
- It can range from being a Basic Security Incident Response Framework to being an Advanced Security Incident Response Framework, depending on its security incident response maturity level.
- It can range from being a Manual Security Incident Response Framework to being an Automated Security Incident Response Framework, depending on its security incident response automation degree.
- It can range from being a Reactive Security Incident Response Framework to being a Proactive Security Incident Response Framework, depending on its security incident response threat anticipation.
- It can range from being a Centralized Security Incident Response Framework to being a Distributed Security Incident Response Framework, depending on its security incident response organizational structure.
- It can range from being a Generic Security Incident Response Framework to being a Specialized Security Incident Response Framework, depending on its security incident response domain focus.
- ...
- It can integrate with Security Information and Event Management (SIEM) Systems for security incident response alert aggregation.
- It can connect to Threat Intelligence Platforms for security incident response threat context.
- It can interface with Ticketing Systems for security incident response case management.
- It can communicate with Communication Platforms for security incident response stakeholder notification.
- It can synchronize with Backup and Recovery Systems for security incident response data restoration.
- ...
- Example(s):
- Industry-Standard Security Incident Response Frameworks, such as:
- NIST Incident Response Framework, following NIST SP 800-61 guidelines.
- SANS Incident Response Framework, implementing the PICERL methodology.
- ISO 27035 Incident Response Framework, based on ISO security incident management.
- Phase-Based Security Incident Response Frameworks, such as:
- Preparation Phase Framework, establishing incident response capabilities.
- Detection and Analysis Framework, identifying and investigating incidents.
- Containment and Eradication Framework, limiting damage and removing threats.
- Recovery and Lessons Learned Framework, restoring operations and improving defenses.
- Threat-Specific Security Incident Response Frameworks, such as:
- Ransomware Incident Response Framework, specialized for ransomware attacks.
- Data Breach Response Framework, focused on data exposure incidents.
- APT Response Framework, designed for advanced persistent threats.
- ...
- Counter-Example(s):
- Business Continuity Framework, which focuses on maintaining operations rather than on incident response.
- Disaster Recovery Plan, which addresses natural disasters rather than security incidents.
- Change Management Framework, which manages planned changes rather than incidents.
- Risk Management Framework, which prevents risks rather than responding to incidents.
- See: Incident Response Plan, Security Operations Center, Computer Security Incident Response Team, Digital Forensics, Threat Hunting, Security Orchestration, Crisis Management, Breach Notification Requirement, Cyber Resilience, Security Playbook, Incident Command System.
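The detect, triage, contain, notify and preserve-evidence steps listed under Context above, as an added worked example that is not part of the original page and does not implement any particular named framework (NIST, SANS or ISO). Everything in it is constructed for illustration: the alert schema, the severity rules, the containment playbook, the notification matrix and the sample alerts are assumptions, not a real SIEM format or vendor API. The evidence-preservation step hash-chains each timeline record so that later tampering with the incident record can be detected.

```python
"""Minimal incident-response pipeline: detect -> triage -> contain -> notify -> preserve.

Added illustration. Alert schema, severity rules, playbook entries and sample
alerts are constructed assumptions, not a real SIEM schema or framework API.
"""
import hashlib
import json

# Constructed sample alerts, shaped like what a SIEM might forward (assumed schema).
SAMPLE_ALERTS = [
    {"id": "a1", "ts": "2024-01-01T10:00:00Z", "source": "edr", "host": "fin-ws-07",
     "event": "ransom_note_written", "asset_tier": "standard", "count": 1},
    {"id": "a2", "ts": "2024-01-01T10:02:00Z", "source": "ids", "host": "db-01",
     "event": "bruteforce_login", "asset_tier": "crown_jewel", "count": 40},
    {"id": "a3", "ts": "2024-01-01T10:05:00Z", "source": "proxy", "host": "lab-vm-3",
     "event": "malware_url_blocked", "asset_tier": "lab", "count": 2},
]

# Constructed triage rules: base severity per event type, escalated by asset value and volume.
BASE_SEVERITY = {
    "ransom_note_written": "critical",
    "bruteforce_login": "medium",
    "malware_url_blocked": "low",
}
SEVERITY_ORDER = ("low", "medium", "high", "critical")
VOLUME_THRESHOLD = 100  # assumed: repeated events at this rate escalate one level

# Constructed containment playbook: one defensive action per severity level.
CONTAINMENT = {
    "critical": "isolate host from network and page on-call IR lead",
    "high": "block offending source and disable affected account",
    "medium": "raise monitoring on host and open analyst review ticket",
    "low": "log and close; no active containment",
}

# Constructed notification matrix: which stakeholders are told at each severity.
NOTIFY = {
    "critical": ["ir-lead", "ciso", "legal"],
    "high": ["ir-lead", "soc-manager"],
    "medium": ["soc-analyst"],
    "low": [],
}


def escalate(level, steps=1):
    """Move a severity up the ladder, capped at the highest level."""
    idx = SEVERITY_ORDER.index(level)
    return SEVERITY_ORDER[min(idx + steps, len(SEVERITY_ORDER) - 1)]


def triage(alert):
    """Classify an alert into a severity level using the constructed rules."""
    level = BASE_SEVERITY.get(alert["event"], "medium")  # unknown events default to medium
    if alert.get("asset_tier") == "crown_jewel":
        level = escalate(level)
    if alert.get("count", 1) >= VOLUME_THRESHOLD:
        level = escalate(level)
    return level


def canonical(obj):
    """Deterministic JSON serialisation so hashes are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def record_evidence(timeline, alert, severity, action):
    """Append a hash-chained record: each entry commits to the previous entry's hash."""
    prev_hash = timeline[-1]["record_hash"] if timeline else "0" * 64
    entry = {
        "ts": alert["ts"],
        "alert_id": alert["id"],
        "evidence_sha256": hashlib.sha256(canonical(alert)).hexdigest(),
        "severity": severity,
        "containment": action,
        "notified": NOTIFY[severity],
        "prev_hash": prev_hash,
    }
    entry["record_hash"] = hashlib.sha256(canonical(entry)).hexdigest()
    timeline.append(entry)
    return entry


def verify_timeline(timeline):
    """Return True if every record's hash and back-link are intact, else False."""
    prev = "0" * 64
    for entry in timeline:
        body = {k: v for k, v in entry.items() if k != "record_hash"}
        if body["prev_hash"] != prev:
            return False
        if hashlib.sha256(canonical(body)).hexdigest() != entry["record_hash"]:
            return False
        prev = entry["record_hash"]
    return True


def handle_alerts(alerts):
    """Run detect -> triage -> contain -> notify -> preserve over a batch of alerts."""
    timeline = []
    for alert in alerts:
        severity = triage(alert)
        record_evidence(timeline, alert, severity, CONTAINMENT[severity])
    return timeline


if __name__ == "__main__":
    records = handle_alerts(SAMPLE_ALERTS)
    for rec in records:
        print(rec["alert_id"], rec["severity"], "->", rec["containment"], "| notify:", rec["notified"])
    print("timeline intact:", verify_timeline(records))
```

Running the module triages the three constructed alerts to critical, high and low, records a containment action and notification list for each, and reports that the hash chain verifies. Editing any field of a stored record afterwards makes `verify_timeline` return False, which is the property a forensics protocol wants from an incident timeline.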