Incident Lifecycle
Define the Incident Lifecycle you will enforce on all your Incidents
Introduction
Incident Stages define the lifecycle of an incident, from the moment it is identified until it is resolved. In this episode, we give you examples of stages and also show you how they are created in eramba.
Sample Stages
There are infinite ways to handle Incidents, and there are no right or wrong answers here. eramba comes without any stages, which is why, before you create them, you need to define:
- What the stage name will be
- What needs to be completed in each stage in order to move to the next one
One way of defining stages (out of a million other methods; google "cybersecurity stages lifecycle" and you will see how much agreement there is on this matter) could be:
- Identify: document what happened and what made us realize an incident was taking place. The following details must be documented in order to move to the next stage: who reported it, when, and how we validated the incident.
- Containment: document what was done to contain the incident: who, when, how.
- Communication: document to whom this incident was communicated, and attach evidence.
- Lessons Learned: document what was identified as the root cause and what will be done to prevent re-occurrence.
Incident Stages
In the "Settings" menu of the Incident Module, you can define the stages in the order you desire.
Once your stages are defined, they should look like the screenshot shown below. Of course, your stages will differ from the ones in the screenshot.
From now on, every incident created will have associated stages as per your definitions.
Changing Stages
TBD