Use Cases for Security Incident Management

Does anyone have (or can point me to) a list of generic security incident use cases?

Clearly many will focus on breaches of specific security policy statements, acceptable usage, data leakage, etc., as well as more serious breaches. A generic list might be a good starting point to consider, though, in terms of testing the generic incident response process.

Comments

RE: Use Cases for Security Incident Management

There is no list of such cases; it is rather organization specific. Over time the process document will be enriched with any new cases. For sure, you cannot cover all the cases that might happen.

Cheers,
Jiorgos202 at 2/16/2016 2:39:20 PM

RE: Use Cases for Security Incident Management

Hi there,

I would recommend taking a look at the ISO/IEC 27035 standard. It has a generic approach to Information Security Management and also has a lot of examples. Unfortunately it's a bit expensive.

Cheers,
jmoesgen at 2/21/2016 6:28:08 AM

RE: Use Cases for Security Incident Management

Hi Phil,

HR policy violation, acceptable use, data breach, espionage, hacking, physical theft, fraud (kickbacks etc.), IP theft, and lost or stolen assets are probably the high-level categories. However, many can probably have further sub-categories, and security incident response checklists/cheat sheets may vary depending upon the particular case.

For example, in my opinion, typical sub-categories in the context of hacking/data breach could relate to Application (web apps, data theft), Directory services, i.e. AD (credential theft, data exfiltration), End user computing (malware outbreak, data theft), and Network, and there should be specific recovery procedures for each of them. These should be audited as part of the security incident management process.

So basically, the initial triage, assessment and verification guidelines, and recovery procedures may vary depending upon these sub-categories, but the rest of the IM process elements are generic and applied in the business context, e.g. classification, notification and communication, RACI chart, post mortem and close out.

Cheers,
-JD

Jatind at 2/25/2016 5:23:22 AM