|
|
|
|
|
|
|
|
|
|
Possible incident reported or suspected
|
|
Appropriate investigating team surveys suspected incident to determine validity
|
|
Valid Incident?
| YES
|
Determine Priority, notify incident coordinator
|
| |
|
|
|
|
NO
|
|
|
|
|
|
| |
|
Process ends with notification to system owner and person reporting suspected incident
| NO
|
Incident declared?
|
| |
|
|
|
|
|
|
YES
|
|
|
|
|
Perform more analysis
| YES
|
Further investigation or analysis needed?
|
|
Notify appropriate personnel, convene coordinating and investigating teams
|
| |
|
|
|
|
NO
|
|
|
|
|
|
| |
|
Incident containment
|
|
Incident eradication
|
|
Implement controls
|
|
|
|
|
|
|
|
|
|
|
| |
| |
| |
|
Incident follow-up
|
|
|
|
|
|
|
|
|
|
|
| |
| |
| |
| |
|
|
|
|
|
|
|
|
|
|
| |
| |
| |
| |
|
|
|
|
|
|
|
|
|