情境

你這流程怪怪的，是不是沒有確實執行

恩... 來看一下美國聯邦政府及美國公共電力協會的IR Playbooks怎麼做

說明

Federal Government Cybersecurity Incident and Vulnerability Response Playbooks

https://www.cisa.gov/sites/default/files/publications/Federal_Government_Cybersecurity_Incident_and_Vulnerability_Response_Playbooks_508C.pdf

這是 2021年 Cybersecurity and Infrastructure Security Agency (CISA)基於 Executive Order 14028 行政命令所制定的Playbook

該流程是以 National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61 Rev. 2,5 做展開

有五個階段跟一個外部協助，有用顏色分別，依照這流程執行清楚多了

• 準備階段 preparation
  • 記錄和理解事件響應的政策和程序
  • 檢測環境以檢測可疑和惡意活動
  • 制定人員配置計劃
  • 教育用戶了解網絡威脅和通知程序
  • 利用網路威脅情報 (CTI) 主動識別潛在的惡意活動
• 檢測和分析階段 detection and analysis
• 控制階段 containment
• 根除和恢復階段 eradication and recovery
• 事件後階段 post-incident activities
• 協作 coordination

Public-Power-Cyber-Incident-Response-Playbook

https://www.publicpower.org/system/files/documents/Public-Power-Cyber-Incident-Response-Playbook.pdf

參考資料

Federal Government Cybersecurity Incident and Vulnerability Response Playbooks
https://www.cisa.gov/sites/default/files/publications/Federal_Government_Cybersecurity_Incident_and_Vulnerability_Response_Playbooks_508C.pdf

Public-Power-Cyber-Incident-Response-Playbook
https://www.publicpower.org/system/files/documents/Public-Power-Cyber-Incident-Response-Playbook.pdf

SP 800-61 Rev. 2
https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final