Skip to content

Incident Response

Prerequisites

Section titled “Prerequisites”
  • On-call rota, comms channels, and incident commander role defined.
  • Runbooks for common failures and data breaches.

Steps

Section titled “Steps”
  1. Detect: monitoring alerts, stakeholder reports, anomaly detection.
  2. Triage: classify severity, assign roles, start incident doc.
  3. Contain: disable risky flows, rotate keys, block exfil paths.
  4. Eradicate/Recover: fix root cause, restore, validate integrity.
  5. Notify: legal/compliance review; stakeholder and user comms as required.
  6. Postmortem: blameless review, action items, owners, and deadlines.

Validation

Section titled “Validation”
  • MTTR within target; actions prevent recurrence; comms timely and clear.

Troubleshooting

Section titled “Troubleshooting”
  • Role confusion: pre-assign and drill quarterly.

Time/Impact

Section titled “Time/Impact”
  • Hours to days depending on scope; protects trust and compliance.
Section titled “Related”