All Articles

Incident Lifecycle Management : Threat Management -NIST Aligned Process

Posted by pritha on July 3, 2023 at 8:27pm in Blog

1687852888551?e=1693440000&v=beta&t=k1FRADu4jt3NZ4jWUc9Asogkkj8_CNCPhCH0IyRd61c

 

Incident Lifecycle Management : Threat Management - NIST Aligned Process

Incident Lifecycle Management (ILM) refers to the systematic process of handling and managing security incidents within an organization. It involves the entire lifecycle of an incident, from detection and response to resolution and learning. The goal of ILM is to minimize the impact of incidents on the organization's operations, systems, and data, while also improving incident response capabilities.. Threat Management, specifically NIST Aligned Process, refers to the approach of managing threats to an organization's information and technology systems in accordance with the guidelines and best practices outlined by the National Institute of Standards and Technology (NIST). NIST provides a comprehensive framework and resources for managing cybersecurity risks and protecting critical infrastructure.

 

Detection & Analysis

Identification
• Analyze logs and information security events
• Identify potential information security incidents.
• Categorize incident


Validation
• Validate incident scale and consequence.
• Assign
consequence, seventy and priority ratings.
• Review and confirm ratings
• Endorse ratings.


Declaration & Escalation
• Based on priority, assemble ISIRT and notify appropriate parties and escalate incidents. (e.g. cntical & high pronty crisis and emergency incidents escalated to Country Emergency Manager).

 

 

Response & Recovery


Containment, Investigation & Forensics
• Direct ISIRT, develop incident response plan, activate rapid response team if needed, and communicate incident to internal and external stakeholders.
• Perform incident containment, investigation and root cause analysis, forensics and evidence management.

Eradication
• Eradicate technical vulnerabilities and incident root causes.

Recovery
• Recover affected information systems and business operations.

 


Post Incident


Post Incident Activities
• Document lessons
learnt.
• Close incident.
• Create incident review report.
• Develop and implement IS-IM improvement recommendations.

(Many years back we started the 'Top 100 CISO Awards' recognizing the important role a CISO plays in preventing huge breaches. Nominate yourself for the 15th Edition Of Top 100 Awards, The 1st recognition for CISOs)

 

12130284674?profile=RESIZE_710x

 

 

 

 

Presentation For Reference

Views: 31
E-mail me when people leave their comments –
Follow
Posted by pritha

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

RSAC Meetup Banner

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)