NIST Aligned Process For Threat Management

This article highlights the Threat Management Process in Incident Response and brings in the understanding of the Kill chain model. Excerpts have been taken from a session presented at SACON - The Security Architecture Conference. You can view the full slide here.

For more in depth session on Incident Response, Threat Intel & many more - sign up for SACON here

3 Stages Of Incident LifeCycle

Detection & Analysis
Response & Recovery
Post incident

( Read More: Bad USB Defense Strategies )

Threat Management - NIST Aligned Process

Detection & Analysis	Detection & Analysis	Detection & Analysis	Response & Recovery	Response & Recovery	Response & Recovery	Post Incident
Analyse Logs and Information Security Events	Validate Incident Scale and Consequence	Based on priority, assemble ISIRT and notify appropriate parties and escalate incidents. (e.g.. critical & high priority crisis and emergency incidents escalated to Country Emergency Manager)	Direct ISIRT, develop incident response plan, activate rapid response team if needed and communicate incident to internal & external stakeholders	Eradicate technical vulnerabilities and incident root causes	Recover affected information systems and business operations	Document lessons learnt
Identify potential information security incidents	Assign consequence, severity and priority ratings		Perform incident containment, investigation and root cause analysis, forensics and evidence management			Close Incident
Categorize incident	Review & confirm ratings					Create incident review report
	Endorse ratings					Develop and implement IS-IM improvement recommendations