Information Security Asked on December 6, 2021
Do incident response plans include the playbooks or are the playbooks separate from the incident response plan?
The primary industry standard for playbooks is the Integrated Adaptive Cyber Defense (IACD) Research group, out of Maryland (John Hopkins).
These can constitute any type of cybersecurity response, at the event, alert, notable, or incident level -- for indications and indicators. Playbooks could be part of a CIRT (and therefore IR/DFIR planning), but they could also be part of other structures, such as Cyber Threat Intelligence, Threat Hunting, Security Operations, Security Engineering, Red Teaming, Cybersecurity Analytics, Cyber-Risk Management, and potentially many other specialty areas.
Playbooks are conditions, indicators, and controls that drive the need for cybersecurity responses [as] captured [via] orchestration services [for monitoring and execution].
Playbooks are process-oriented and:
At the highest level of abstraction, playbooks are a set of process oriented steps that enable an organization to meet the requirements specified in their policies and procedures. They are a set of human understandable actions that document an organizational process performed in response to a cyber-event or other defined trigger condition. Playbooks are meant to be generic enough for broad applicability between organizations while detailed enough to meet specific situations. Playbooks may invoke other playbooks, operate either serially or in parallel, or initiate a workflow depending on the situation or conditions facing the system.
Answered by atdre on December 6, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP