The diagram will show a flow of information
|
|
Potential Incident reported
|
|
CSIRT team investigates suspected incident to determine validity and makes an assessment
|
|
CSIRT team leader communicates findings to entire team
|
|
Incident confirmed as valid
|
|
Incident contained
|
|
Eradication of potential threats
|
|
Notification of external agencies
|
|
CSIRT team protects evidence
|
|
CSIRT team gathers evidence
|
|
Incident type and severity assessed
|
|
Recovery of systems
|
|
Compile and organize incident documentation
|
|
Assess incident damage and cost
|
|
Review response and update policies