Preparing incident remediation playbooks
We have now covered the incident remediation phases of containment, eradication, and recovery in detail. A careful reader may have noticed that many of their actions overlap. This raises a question: how do you optimize incident remediation and plan the team's efforts, especially after the stressful period of initial shock, incident analysis, sleepless nights, and bringing the chaos under control?
Since time is the most important factor, the first and most important task is to walk through all the action items mentioned in the previous sections. The walk-through should produce the following outcomes:
- Estimated time to apply actions for a standalone system/endpoint/object and for multiple entries: This can be measured during cyber drills, when the responsible teams are free from their daily routine, have no other tasks, and are fully dedicated to the exercise. During that day, the team should test each required action and measure the time taken...
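As an added illustration of the time-estimation outcome above (example code written for this page, not from the book), the script below turns drill measurements into a remediation-time estimate for a single object and for a fleet, and names the action that dominates the schedule. The action names, phases, durations and team capacities are all constructed, hypothetical values.

```python
from dataclasses import dataclass
from math import ceil

# Constructed drill measurements (hypothetical values, not from the book):
# each action was timed in the drill for one object and for a batch, which
# yields a fixed setup cost plus a per-object cost and a parallel capacity.
@dataclass(frozen=True)
class Action:
    name: str
    phase: str                  # containment, eradication or recovery
    fixed_minutes: int          # one-off setup cost measured in the drill
    per_object_minutes: int     # cost per endpoint/object measured in the drill
    parallel_capacity: int = 1  # objects the team can handle at the same time

PHASES = ("containment", "eradication", "recovery")

DRILL_RESULTS = [
    Action("isolate_host",        "containment", 10,  2, 5),
    Action("block_c2_indicators", "containment", 20,  0),
    Action("reimage_endpoint",    "eradication", 30, 45, 4),
    Action("reset_credentials",   "eradication", 15,  1, 10),
    Action("restore_service",     "recovery",    20, 10, 2),
]

def estimate_action(action: Action, n_objects: int) -> int:
    """Minutes for one action over n_objects, processed in parallel batches."""
    batches = ceil(n_objects / action.parallel_capacity)
    return action.fixed_minutes + batches * action.per_object_minutes

def estimate_playbook(actions, n_objects: int):
    """Return (total minutes, per-phase minutes, slowest action name).
    Actions inside a phase are assumed sequential; phases follow PHASES."""
    per_phase = {p: 0 for p in PHASES}
    slowest = None
    for a in actions:
        if a.phase not in per_phase:
            raise ValueError(f"unknown phase {a.phase!r} for {a.name}")
        minutes = estimate_action(a, n_objects)
        per_phase[a.phase] += minutes
        if slowest is None or minutes > slowest[1]:
            slowest = (a.name, minutes)
    return sum(per_phase.values()), per_phase, slowest[0] if slowest else None

if __name__ == "__main__":
    for n in (1, 50):
        total, phases, bottleneck = estimate_playbook(DRILL_RESULTS, n)
        print(f"{n:>3} object(s): {total} min {phases}; bottleneck: {bottleneck}")
```

Re-running the estimate with the measured numbers from each drill shows which action to shorten or parallelize first before the next incident.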