Online Courses
Cyber Incident Response

Incident Response classification levels

Not all incidents are equal:

  • Severity

  • Priority

  • Organization culture

Severity levels

Often difficult to measure completely

May be frequently adjusted as the IT landscape changes (cloud, etc.)

Must include input from upper management and other parts of the organization

Common methodology

Urgency

How quickly will the damage continue to grow while the incident is still ongoing?

Impact

How widely is the impact felt? How many users or customers are affected, and what will the impact cost?

Urgency and impact each have their own ratings, which are sometimes combined to calculate priority

Include other data in criteria

Risk assessments already performed by IT risk group

Business Impact Analysis data

Disaster recovery

Business continuity


Last updated 8 months ago