SlideShare a Scribd company logo

Incident Response Swimlanes

Daniel P Wallace
Daniel P Wallace

Reams of incident response procedure documentation are captured in a one page visio diagram

Technology
1 of 1
1. Prevention 2. Detection 3. Classification 4. Control & Eradication 5. Follow Up & Recovery End Users User Community Provide Additional Notice Event Information Help Desk User Support Silo No Response is Needed Receive Report Service User Inquiries Feedback & Status Log Event & Close Close Event – No AAR Cross Functional Security Response CSIRT Needed Volunteer Fire Department Cross Functional Coordination Awareness After Action Review Security Plan Technical Execute Technical Improved Triage Response Response Performance Close Event Assessments and/or Route Resiliency Maintain & Event Share Lessons Deploy Tools ITS Department No Response is Needed Multiple ITS Silos Log Event & Close Performance restored to an Proactive Route Fault Plan Technical Execute Technical acceptable or Improve Systems, Monitoring Event Triage Response Response normal level Controls & Practices Detection Capability Management Business Unit Leadership Management Management Response Response Conference Calls External Department Multiple DTE Silos Feedback & Status 360° Input Provide Guidance & Support 360° Input Five Point Incident Response Model Swim Lane Diagram

Recommended

Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Narudom Roongsiriwong, CISSP
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for EndpointCheah Eng Soon
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Best Practices in Major Incident Management
Best Practices in Major Incident ManagementBest Practices in Major Incident Management
Best Practices in Major Incident ManagementxMatters Inc
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
 

Recommended

Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Narudom Roongsiriwong, CISSP
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for EndpointCheah Eng Soon
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Best Practices in Major Incident Management
Best Practices in Major Incident ManagementBest Practices in Major Incident Management
Best Practices in Major Incident ManagementxMatters Inc
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera... SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...AlienVault
 
Disaster Recovery Plan for IT
Disaster Recovery Plan for ITDisaster Recovery Plan for IT
Disaster Recovery Plan for IThhuihhui
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Identity & access management
Identity & access managementIdentity & access management
Identity & access managementVandana Verma
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfMicrosoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfParishSummer
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber ResilienceIan-Edward Stafrace
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited ResourcesLogRhythm
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity AssessmentDoreen Loeber
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceDavid J Rosenthal
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Managementn|u - The Open Security Community
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
5.4 it security audit (mauritius)
5.4 it security audit (mauritius)5.4 it security audit (mauritius)
5.4 it security audit (mauritius)Corporate Registers Forum
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Incident Response Triage
Incident Response TriageIncident Response Triage
Incident Response TriageAlbert Hui
 
The Six Stages of Incident Response
The Six Stages of Incident Response The Six Stages of Incident Response
The Six Stages of Incident Response Darren Pauli
 

More Related Content

What's hot

SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera... SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...AlienVault
 
Disaster Recovery Plan for IT
Disaster Recovery Plan for ITDisaster Recovery Plan for IT
Disaster Recovery Plan for IThhuihhui
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Identity & access management
Identity & access managementIdentity & access management
Identity & access managementVandana Verma
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfMicrosoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfParishSummer
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited ResourcesLogRhythm
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity AssessmentDoreen Loeber
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceDavid J Rosenthal
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 

What's hot (20)

SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera... SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
 
Disaster Recovery Plan for IT
Disaster Recovery Plan for ITDisaster Recovery Plan for IT
Disaster Recovery Plan for IT
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
Identity & access management
Identity & access managementIdentity & access management
Identity & access management
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfMicrosoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity Assessment
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and Compliance
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Management
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
5.4 it security audit (mauritius)
5.4 it security audit (mauritius)5.4 it security audit (mauritius)
5.4 it security audit (mauritius)
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 

Viewers also liked

Incident Response Triage
Incident Response TriageIncident Response Triage
Incident Response TriageAlbert Hui
 
The Six Stages of Incident Response
The Six Stages of Incident Response The Six Stages of Incident Response
The Six Stages of Incident Response Darren Pauli
 
CETPA Presentation: Building A Successful BYOD Program
CETPA Presentation: Building A Successful BYOD ProgramCETPA Presentation: Building A Successful BYOD Program
CETPA Presentation: Building A Successful BYOD Programemilyensign
 
SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012Rian Yulian
 
Fssf breach-incident-table-top
Fssf breach-incident-table-topFssf breach-incident-table-top
Fssf breach-incident-table-topISSA LA
 
Incident Response Management - Metrics, Data, Visualize & Apply
Incident Response Management - Metrics, Data, Visualize & ApplyIncident Response Management - Metrics, Data, Visualize & Apply
Incident Response Management - Metrics, Data, Visualize & ApplyAline Tran
 
Privacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident ResponsePrivacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident ResponseID Experts
 
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...Steve Werby
 
Mandatory data breach notification for Australia
Mandatory data breach notification for AustraliaMandatory data breach notification for Australia
Mandatory data breach notification for AustraliaPatrick Dwyer
 
Keeping Client Data Safe (Final)
Keeping Client Data Safe (Final)Keeping Client Data Safe (Final)
Keeping Client Data Safe (Final)AdvogadaZuretti
 
Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony David Sweigert
 
The Practice of Cyber Crime Investigations
The Practice of Cyber Crime InvestigationsThe Practice of Cyber Crime Investigations
The Practice of Cyber Crime InvestigationsAlbert Hui
 
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny ZeltserSecurity Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny ZeltserAnton Chuvakin
 
InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)
InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)
InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)Global Business Events
 
Workflow Based Security Incident Management
Workflow Based Security Incident ManagementWorkflow Based Security Incident Management
Workflow Based Security Incident Managementbelsis
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
swim lane support process example
swim lane support process exampleswim lane support process example
swim lane support process exampleRonaldo Radünz
 
ITIL Continual Service Improvement - ITSM Academy Webinar
ITIL Continual Service Improvement - ITSM Academy Webinar ITIL Continual Service Improvement - ITSM Academy Webinar
ITIL Continual Service Improvement - ITSM Academy Webinar ITSM Academy, Inc.
 

Viewers also liked (20)

Incident Response Triage
Incident Response TriageIncident Response Triage
Incident Response Triage
 
The Six Stages of Incident Response
The Six Stages of Incident Response The Six Stages of Incident Response
The Six Stages of Incident Response
 
ITIL and Service Management
ITIL and Service ManagementITIL and Service Management
ITIL and Service Management
 
CETPA Presentation: Building A Successful BYOD Program
CETPA Presentation: Building A Successful BYOD ProgramCETPA Presentation: Building A Successful BYOD Program
CETPA Presentation: Building A Successful BYOD Program
 
SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012SANS Digital Forensics and Incident Response Poster 2012
SANS Digital Forensics and Incident Response Poster 2012
 
Fssf breach-incident-table-top
Fssf breach-incident-table-topFssf breach-incident-table-top
Fssf breach-incident-table-top
 
Incident Response Management - Metrics, Data, Visualize & Apply
Incident Response Management - Metrics, Data, Visualize & ApplyIncident Response Management - Metrics, Data, Visualize & Apply
Incident Response Management - Metrics, Data, Visualize & Apply
 
Privacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident ResponsePrivacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident Response
 
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
 
Mandatory data breach notification for Australia
Mandatory data breach notification for AustraliaMandatory data breach notification for Australia
Mandatory data breach notification for Australia
 
Keeping Client Data Safe (Final)
Keeping Client Data Safe (Final)Keeping Client Data Safe (Final)
Keeping Client Data Safe (Final)
 
Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony
 
The Practice of Cyber Crime Investigations
The Practice of Cyber Crime InvestigationsThe Practice of Cyber Crime Investigations
The Practice of Cyber Crime Investigations
 
SEC440: Incident Response Plan
SEC440: Incident Response PlanSEC440: Incident Response Plan
SEC440: Incident Response Plan
 
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny ZeltserSecurity Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
 
InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)
InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)
InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)
 
Workflow Based Security Incident Management
Workflow Based Security Incident ManagementWorkflow Based Security Incident Management
Workflow Based Security Incident Management
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 
swim lane support process example
swim lane support process exampleswim lane support process example
swim lane support process example
 
ITIL Continual Service Improvement - ITSM Academy Webinar
ITIL Continual Service Improvement - ITSM Academy Webinar ITIL Continual Service Improvement - ITSM Academy Webinar
ITIL Continual Service Improvement - ITSM Academy Webinar
 

Similar to Incident Response Swimlanes

Sa 007 availability
Sa 007 availabilitySa 007 availability
Sa 007 availabilityFrank Gielen
 
Uks iosh inside cover 1
Uks iosh inside cover 1Uks iosh inside cover 1
Uks iosh inside cover 1Clive Burgess
 
Uks iosh inside 2 on 3
Uks iosh inside 2 on 3Uks iosh inside 2 on 3
Uks iosh inside 2 on 3Clive Burgess
 
Itil v3 foundation study guide service operation
Itil v3 foundation study guide service operationItil v3 foundation study guide service operation
Itil v3 foundation study guide service operationMuhammad Zamzani
 
Tools Processes And Training
Tools Processes And TrainingTools Processes And Training
Tools Processes And Trainingdgholden
 
How to implement effective ITSM System
How to implement effective ITSM SystemHow to implement effective ITSM System
How to implement effective ITSM SystemAna Meskovska
 
remote service automation
remote service automationremote service automation
remote service automationHoneywell
 
October 2008 - Transforming from Help Desk to Service Desk, Lowering TCO
October 2008 - Transforming from Help Desk to Service Desk, Lowering TCOOctober 2008 - Transforming from Help Desk to Service Desk, Lowering TCO
October 2008 - Transforming from Help Desk to Service Desk, Lowering TCOIT Service and Support
 
Shoretel Global Services
Shoretel Global ServicesShoretel Global Services
Shoretel Global Servicesaxjt1017
 
Oil and Gas 75 Workshop Ana Paula Brambila Sep 2012
Oil and Gas 75 Workshop Ana Paula Brambila Sep 2012Oil and Gas 75 Workshop Ana Paula Brambila Sep 2012
Oil and Gas 75 Workshop Ana Paula Brambila Sep 2012alipaiva
 
Sourcing Lecture 3 Outsourcing
Sourcing Lecture 3 OutsourcingSourcing Lecture 3 Outsourcing
Sourcing Lecture 3 OutsourcingFrank Willems
 
Shift team effectiveness: Don't bother if you can't change "shop floor" shift...
Shift team effectiveness: Don't bother if you can't change "shop floor" shift...Shift team effectiveness: Don't bother if you can't change "shop floor" shift...
Shift team effectiveness: Don't bother if you can't change "shop floor" shift...Yokogawa1
 
ITIL overview
ITIL overviewITIL overview
ITIL overviewQAI
 
ITIL Benefits
ITIL BenefitsITIL Benefits
ITIL BenefitsQAI
 
Fire Safety Management
Fire Safety ManagementFire Safety Management
Fire Safety ManagementNc Das
 

Similar to Incident Response Swimlanes (20)

Sa 007 availability
Sa 007 availabilitySa 007 availability
Sa 007 availability
 
Step Fwd It
Step Fwd ItStep Fwd It
Step Fwd It
 
Uks iosh inside cover 1
Uks iosh inside cover 1Uks iosh inside cover 1
Uks iosh inside cover 1
 
Uks iosh inside 2 on 3
Uks iosh inside 2 on 3Uks iosh inside 2 on 3
Uks iosh inside 2 on 3
 
Itil v3 foundation study guide service operation
Itil v3 foundation study guide service operationItil v3 foundation study guide service operation
Itil v3 foundation study guide service operation
 
Tools Processes And Training
Tools Processes And TrainingTools Processes And Training
Tools Processes And Training
 
How to implement effective ITSM System
How to implement effective ITSM SystemHow to implement effective ITSM System
How to implement effective ITSM System
 
remote service automation
remote service automationremote service automation
remote service automation
 
October 2008 - Transforming from Help Desk to Service Desk, Lowering TCO
October 2008 - Transforming from Help Desk to Service Desk, Lowering TCOOctober 2008 - Transforming from Help Desk to Service Desk, Lowering TCO
October 2008 - Transforming from Help Desk to Service Desk, Lowering TCO
 
Shoretel Global Services
Shoretel Global ServicesShoretel Global Services
Shoretel Global Services
 
Java performance monitoring
Java performance monitoringJava performance monitoring
Java performance monitoring
 
Oil and Gas 75 Workshop Ana Paula Brambila Sep 2012
Oil and Gas 75 Workshop Ana Paula Brambila Sep 2012Oil and Gas 75 Workshop Ana Paula Brambila Sep 2012
Oil and Gas 75 Workshop Ana Paula Brambila Sep 2012
 
Sourcing Lecture 3 Outsourcing
Sourcing Lecture 3 OutsourcingSourcing Lecture 3 Outsourcing
Sourcing Lecture 3 Outsourcing
 
Shift team effectiveness: Don't bother if you can't change "shop floor" shift...
Shift team effectiveness: Don't bother if you can't change "shop floor" shift...Shift team effectiveness: Don't bother if you can't change "shop floor" shift...
Shift team effectiveness: Don't bother if you can't change "shop floor" shift...
 
9sept2009 iiruc
9sept2009 iiruc9sept2009 iiruc
9sept2009 iiruc
 
Tool Box Training-Operator Care
Tool Box Training-Operator CareTool Box Training-Operator Care
Tool Box Training-Operator Care
 
ITIL overview
ITIL overviewITIL overview
ITIL overview
 
ITIL Benefits
ITIL BenefitsITIL Benefits
ITIL Benefits
 
ITManager
ITManagerITManager
ITManager
 
Fire Safety Management
Fire Safety ManagementFire Safety Management
Fire Safety Management
 

Recently uploaded

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 

Recently uploaded (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 

Incident Response Swimlanes

  • 1. 1. Prevention 2. Detection 3. Classification 4. Control & Eradication 5. Follow Up & Recovery End Users User Community Provide Additional Notice Event Information Help Desk User Support Silo No Response is Needed Receive Report Service User Inquiries Feedback & Status Log Event & Close Close Event – No AAR Cross Functional Security Response CSIRT Needed Volunteer Fire Department Cross Functional Coordination Awareness After Action Review Security Plan Technical Execute Technical Improved Triage Response Response Performance Close Event Assessments and/or Route Resiliency Maintain & Event Share Lessons Deploy Tools ITS Department No Response is Needed Multiple ITS Silos Log Event & Close Performance restored to an Proactive Route Fault Plan Technical Execute Technical acceptable or Improve Systems, Monitoring Event Triage Response Response normal level Controls & Practices Detection Capability Management Business Unit Leadership Management Management Response Response Conference Calls External Department Multiple DTE Silos Feedback & Status 360° Input Provide Guidance & Support 360° Input Five Point Incident Response Model Swim Lane Diagram