SIEM for ITIL Incident Response - Part 2 - AlienVault

More documents

Recommendations

Info

183) Correlations between Major Business Activities and Security Trends4 – QUANTITIVELY MANAGEDIncident Responses reaches its potential as gap coverage/analysis for the rest of the SecurityProgram here. Response work becomes vital not just for the defense of integrity of businessoperations, but the measurement of the true cost of those operations and the effectiveness ofresources deployed to protect them.DetectionRemediationMetricsIntelligence• Intrusion Detection1) All services from stage 1+2+3• Compliance Management1) All services from stage 1+2+3• Exposure Detection1) Discovery of Threat Exposure by Configuration Change.• Disaster Recovery1) All services from stage 3• Business Continuity1) All services from stage 1+2+3• Security Posture1) All services from stage 1+2+32) Type Trending of configuration changes that result in exposures leadingto security incidents.• Resourcing1) All services from stage 1+2+31) All services from stage 1+2+32) High-Risk IT deployments and operations that require additional securityoversight.
195 – OPTIMIZINGFinally we arrive at the point where Incident response becomes Exposure Response, lockingin a feedback loop of continuous improvement with the rest of the Security Program.For the sake of brevity, the prior sets do not require repeating. At this stage we come to theculmination of Incident Response:The continual measurement of the outcome of risk decisions taken, resources applied, and themovements of the global theater of risk.Particularly though, at this level of evolution, the service catalog should be so tailored to theenterprise it serves, that providing a list of suggestions would defeat the purpose of doing so.
Page 2: 2ForewordIn the previous installati
Page 5 and 6: 5Flow DiagramWe’ve been Breached
Page 7 and 8: 7Flow DiagramSecurityControlSecurit
Page 9 and 10: 9Flow DiagramSecurityControlSecurit
Page 11 and 12: 11Flow DiagramSecurityControlSecuri
Page 13 and 14: 13Flow DiagramSecurityControlSecuri
Page 15 and 16: 151 - INITIALBy definition, there c
Page 17: 173 - DEFINEDAt this stage, Inciden

SIEM for ITIL Incident Response - Part 2 - AlienVault

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?