
Incident Response Services Template - Cisco Security


When responding to a security incident, communication is perhaps one of the most important, and yet most overlooked, aspects. This Cisco Security Incident Response Services Template has been used and refined for a number of years now, both in Fortune 100 companies and with all of our Cisco Security Incident Response Services customers.
Learn more about incident response communications here: https://blogs.cisco.com/security/incident-response-fundamentals-communication



Note: Updated information is shaded in GREEN, and completed actions are struck through.

Date/Time Incident Reported: 2017-09-06
Update Date & Time: 2017-10-16 10:30 EST
Next Update: 2017-10-20 09:00 EST

CSIRS Team Members:
  • Sean Mason, Director of Incident Response
  • Jimmy Choo, Senior Incident Response Analyst
  • Kanye West, Senior Incident Response Analyst

CSIRS Team Contact Email: Email alias

Latest Update
[List key elements leadership needs to know to stay informed and make business decisions]

Current Impact
[Identify impact to the business]

Areas of Concern

| Challenge | Impact | Resolved |
|---|---|---|
| Example: Delay in receiving documentation for IP scopes and network architecture | Knowledge of the network will be reduced | |
| Example: DNS Logging is not available from InfoBlox | Traffic going out to malicious websites is not being immediately identified and blocked | |

Action Items

| Action | Status | Owner | Requested | Completed |
|---|---|---|---|---|
| Initiate Scoping Call | Complete | J. Choo | 2017-10-13 | 2017-10-13 |
| Network Access | Complete | J. Choo | 2017-10-13 | 2017-10-14 |
| Collect DNS logs | Incomplete | K. West | 2017-10-13 | |
| Provide memory images of impacted hosts | In Progress | K. West | 2017-10-13 | |
| Provide disk images of impacted hosts | Complete | K. West | 2017-10-13 | 2017-10-17 |
| Provide IP ranges and network diagrams | In Progress | Network Team | 2017-10-13 | |
| Analyze disk images | Not Started | J. Choo, K. West | | |
| Block remote IP on perimeter devices | Complete | Firewall Team | 2017-10-14 | 2017-10-18 |
| Provide IPs/Hosts/IOCs identified in analysis | Ongoing | J. Choo, K. West | 2017-10-18 | |

Intelligence Summary
[Latest information on threat intelligence related to the incident]

Current Recommendations
[Documented discoveries and recommendations]

Previous Incident Summaries
[Additional information from previous updates]

Appendix

Incidents are a fluid situation and we cannot always definitively state findings with 100% confidence. As such, throughout the report, CSIRS may utilize phrases and terms such as those below, which are based on years of experience and knowledge and are used as a guide to understand our level of confidence in our speculation.

| Phrase | Estimated Confidence % |
|---|---|
| Low Confidence / Possible / Unlikely | <35% |
| Moderate Confidence / Possible / Likely | 35%-69% |
| High Confidence / Highly Probable / Highly Likely | >70% |
