[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cacao] Preventative Action
Andrew, I think it is important that we all use the same definitions for things. I have called these out the documents to help in this regards. I have heard many seasoned security analysts and security architects use these terms incorrectly. From the requirements document: Investigative Action - This is an action that is used to gather information relevant to the construction or modification of cyber security playbooks. This includes gathering of information about a possible incident, problem, attack, or compromise. In some cases, an investigative action could require changes to the systems, networks or application behaviors in order to facilitate a deeper understanding of the investigation and resultant potential response. Mitigative Action - This is an action that is used to respond to problems that can occur from an incident, problem, attack, or compromise. This is often done when a remediative action is not currently possible. For example, when a system patch is not yet available, one might deploy compensating controls such as moving the system into a sandbox virtual lan (vlan) or deploying more stringent firewall rules. Remediative Action - This is an action that is often used with a goal of eradicating an issue, problem, attack, or compromise on one or more systems that have been determined to be compromised or involved in the particular event. Preventative Action - This is an action that is used to help ensure that an issue, problem, attack, or compromise does not happen in the first place. In some cases, preventative actions may overlap with certain mitigative and remediation actions. So a preventative action could be like deploying the CIS Top20 security controls. Or could be deploying a block on the firewall for the next HeartBleed before you get compromised. Thanks, Bret PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]