CYBER INCIDENT PLAYBOOKS
This document provides several Incident Response Methodologies (IRM) aimed at helping a company with the handling of different types of cyber incidents.
Compare to the great work done by the SG CERT this version provides:
- A definition for each type of IRM documented
- New order to the IRM references
- Cosmetic changes
- Opportunity to include your incident response team contact details
- A more visual IRM cycle
- Updates to the content of the IRMs
- Standardisation of each phase objectives definition
- Standardisation of the lessons learnt phase actions.
Each IRM is based on the following standard incident handling cycle which contains 6 phases.
- PREPARATION
- Get ready to handle the incident
- IDENTIFICATION
- Detect the incident
- CONTAINMENT
- Limit the impact of the incident
- REMEDIATION
- Remove the threat
- RECOVERY
- Recover to normal stage
- LESSONS LEARNT
- Draw up and improve the process
