Vault restructure

Richard Kranendonk 2026-04-23 11:51:51 +02:00
parent d45797d121
commit ff77508bd1
1433 changed files with 415450 additions and 1201 deletions


@ -0,0 +1,13 @@
### Step 2: Identification
This step involves detecting deviations from normal operations in the organization, understanding if a deviation represents a security incident, and determining how important the incident is.
The SANS incident response identification procedure includes the following elements:
- **Setting up monitoring** for all sensitive IT systems and infrastructure.
- **Analyzing events** from multiple sources including log files, error messages, and alerts from security tools.
- **Identifying an incident** by correlating data from multiple sources, and reporting it as soon as possible.
- **Notifying CSIRT members** and establishing communication with a designated command center (for example this could be senior management, IT operations)
- strong{Assigning at least two incident responders to a live incident, one as the primary handler who assesses the incident and makes the decision, and the other to help investigate and gather evidence.
- **Documenting everything** that incident responders are doing as part of the attack—answering the Who, What, Where, Why, and How questions.
- **Threat prevention and detection capabilities** across all main attack vectors.
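Review bot: the bullet starting `- strong{Assigning at least two incident responders` has broken bold markup: the opening `**` was mangled into `strong{` and the closing `**` is missing, so it will render as literal text rather than bold like the other bullets. It should read `- **Assigning at least two incident responders** to a live incident, one as the primary handler who assesses the incident and makes the decision, and the other to help investigate and gather evidence.` Two smaller points in the same hunk: the `**Notifying CSIRT members**` bullet ends with `(for example this could be senior management, IT operations)` without a closing period, and the final `**Threat prevention and detection capabilities** across all main attack vectors.` bullet is a noun phrase while every other item is an action (Setting up, Analyzing, Identifying, Notifying, Documenting); consider rephrasing it as a step, e.g. `**Maintaining threat prevention and detection capabilities** across all main attack vectors.`, so the list reads as one procedure.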