Test Drive the Computer Security Incident Response Plan
Process Resource Centers Deliver Complex Procedural Content to 21st-Century Workers in a Visually and Operationally Consumable Manner
Procedural documentation is the fabric that enables the cohesive definition and harmonization of critical processes. The computer security incident response plan is complex and involves many employees beyond information technology and cyber security professionals.
21st-century workers must deal with a barrage of information. To remain productive, staff cautiously consider where they will spend their time and effort. Procedural content that is not intuitive and easily consumable will get less of their time and may be ignored. This test drive illustrates a method of delivering the procedural content associated with a computer incident response plan in an intuitive manner that is visually and operationally consumable.
Process Resource Centers are web frameworks designed to deliver complex procedural content to staff in an intuitive manner. This Computer Security Incident Response Plan (CSIRP) Process Resource Center (PRC) delivers procedural content required to respond to a suspected cyber security attack that has penetrated an organization's defenses. It is based on the National Institute of Standards and Technology Special Publication 800-61 Release 2 (NIST SP 800-61 R2). NIST is a part of the U.S. Department of Commerce. NIST SP 800-61 R2 is considered one of the top models for cyber security incident response planning.
The CSIRP PRC places computer incident response resources at the fingertips of users. It is designed to enable staff and the incident response team to read, understand, and act on appropriate instructions knowledgeably and quickly.
The link to the test drive site is below the features list. Once in the test drive, tap on each feature to view the content. There is also a 2-page white paper below the test drive link that illustrates the test drive features. The images in this white paper are also linked to their respective features in the test drive. These are the active features in this test drive:
2.1 Monitor & Detection - Staff-level workflow illustrating the process of determining if an event is escalated to an incident. In this workflow view these items
“In this Cyber War, People are the Problem…and the Solution” - Bruce Schneier
Hey Henry, apologies for my late response. This is VERY interesting. Are you incorporating this inside a SOAR framework and/or workflow? Can we chat about this next week? I’m slammed this week. Let me know. Congratulations!!!