Computer Security Incident Response Plan (CSIRP)
Process Resource Center

2.1 Monitor & Detection

Supplier(s)

  • Users
  • Information Technology Staff
  • NOC/SOC
  • Security Monitoring Tools
  • Event Logging Tool
  • External Partners
  • Victims

Input(s)

  • Suspicious Network/Computer Activity
  • Report or Complaint of Personal Information Compromised

Requirement Detail

  • Continuous monitoring with timely response
  • Users adequately trained to recognize and report suspicious network/system activities
  • Automated tools, kept updated, that recognize and report suspicious network/system activities
  • Recognition of deviations from normal activities

Primary Deliverables

  • False Positive - Ticket Closed, User Updated
  • Non-Cybersecurity Event - IT Remediation Logging and Tracking Continues to Event Closure
  • Event Declared an Incident and Possibly a Data Breach - Logging and Tracking Continues - Team Moves to CSIRT 2.2 Analysis
  • Knowledge Base
  • Cyber Security Incident - Ticket Open

Consumers

  • Person/Group that Reported Activity
  • CIO
  • Executive Leadership

Requirement Detail

  • Events Logged and Tracked from Inception to Disposition
  • Incident Management Knowledgebase Created and Maintained
  • Event Status Reports Continuously Checked
  • Event Evidence Preserved
  • Events Analyzed and Triaged to Support Event Resolution or Incident Declaration

Metrics

  • Time from Initial Entry to Detection
  • Mean Time from Detection of Event to Analyst for Review
  • Dwell Time
  • Lateral Movement
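The four metrics above are computed from timestamps the ticketing system already records for each event. The following is an added example, not part of this CSIRP page: it takes constructed ticket records (the ticket ids, timestamps and host names are made up) and computes each metric, treating an event that has not yet been detected, reviewed or contained as an edge case rather than a zero. Where the page names a metric without defining it, the definition used here (dwell time ends at containment; lateral movement is the count of additional hosts reached) is an assumption and is marked as such in the code.

```python
# Added example (not part of the CSIRP page): computing the section 2.1 Monitor &
# Detection metrics from the timestamps a ticketing system records for each event.
# All tickets, timestamps and host names below are constructed. Where the page names a
# metric without defining it, the definition used here is an assumption and is marked.
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set


@dataclass
class EventRecord:
    ticket_id: str
    initial_entry: datetime                    # earliest evidence of adversary activity on the event timeline
    detected: Optional[datetime] = None        # first alert or report that raised the event
    analyst_review: Optional[datetime] = None  # when an analyst picked the ticket up for triage
    contained: Optional[datetime] = None       # when the activity was stopped (None while still open)
    hosts_involved: Set[str] = field(default_factory=set)  # hosts the activity was observed on


def time_to_detection(ev: EventRecord) -> Optional[timedelta]:
    """Time from Initial Entry to Detection. None while the event is not yet detected."""
    if ev.detected is None:
        return None
    return ev.detected - ev.initial_entry


def detection_to_review(ev: EventRecord) -> Optional[timedelta]:
    """Time from detection until an analyst began review; None if either step is missing."""
    if ev.detected is None or ev.analyst_review is None:
        return None
    return ev.analyst_review - ev.detected


def mean_detection_to_review(events: List[EventRecord]) -> Optional[timedelta]:
    """Mean Time from Detection of Event to Analyst for Review, over events that reached review."""
    gaps = [g for g in (detection_to_review(e) for e in events) if g is not None]
    if not gaps:
        return None
    return sum(gaps, timedelta()) / len(gaps)


def dwell_time(ev: EventRecord, as_of: datetime) -> timedelta:
    """Dwell Time. Assumption: measured from initial entry until containment;
    an event that is not yet contained keeps accruing dwell up to `as_of`."""
    end = ev.contained if ev.contained is not None else as_of
    return end - ev.initial_entry


def lateral_movement(ev: EventRecord) -> int:
    """Lateral Movement. Assumption: number of additional hosts reached beyond the entry host."""
    return max(len(ev.hosts_involved) - 1, 0)


def metrics_report(events: List[EventRecord], as_of: datetime) -> Dict[str, object]:
    """Per-ticket metrics in hours plus the overall mean, as an event status report would show them."""
    per_ticket = {}
    for ev in events:
        ttd = time_to_detection(ev)
        per_ticket[ev.ticket_id] = {
            "hours_to_detection": None if ttd is None else ttd.total_seconds() / 3600,
            "dwell_hours": dwell_time(ev, as_of).total_seconds() / 3600,
            "lateral_movement": lateral_movement(ev),
            "still_open": ev.contained is None,
        }
    mean_gap = mean_detection_to_review(events)
    return {
        "tickets": per_ticket,
        "mean_detection_to_review_minutes": None if mean_gap is None else mean_gap.total_seconds() / 60,
    }


# Constructed sample tickets (not real incidents).
SAMPLE_EVENTS = [
    EventRecord("INC-0001", datetime(2024, 3, 1, 8, 0), datetime(2024, 3, 3, 14, 0),
                datetime(2024, 3, 3, 14, 30), datetime(2024, 3, 4, 10, 0),
                {"ws-17", "fs-02", "dc-01"}),
    EventRecord("INC-0002", datetime(2024, 3, 5, 9, 0), datetime(2024, 3, 5, 9, 10),
                datetime(2024, 3, 5, 9, 40), None, {"ws-42"}),
    # Detected but not yet picked up by an analyst: excluded from the review-time mean.
    EventRecord("INC-0003", datetime(2024, 3, 2, 0, 0), datetime(2024, 3, 6, 8, 0),
                None, None, {"ws-09", "ws-10"}),
]
AS_OF = datetime(2024, 3, 6, 9, 0)  # constructed reporting time


def sample_report() -> Dict[str, object]:
    return metrics_report(SAMPLE_EVENTS, AS_OF)


if __name__ == "__main__":
    report = sample_report()
    for ticket, m in report["tickets"].items():
        print(ticket, m)
    print("mean detection-to-review (min):", report["mean_detection_to_review_minutes"])
```

Events that never reach a step are reported as `None` rather than dropped or zeroed, so a status report shows where the pipeline stalled; the mean is taken only over events that actually reached analyst review, which is the population the metric describes.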

(R)esponsible

(The Doers) - Those who do the work to achieve the task. There is at least one role with a participation type of Responsible.

  • CSIRT Leader
  • PMO
  • IT Support Staff
  • NOC/SOC

(A)ccountable

(The Buck Stops Here) - The one ultimately answerable for correctness and thoroughness of the completed task.

  • CIO
  • Chief Information Security Officer (CISO)

(S)upport

Those who can provide resources or can play a supporting role in implementation.

(C)onsult

Those whose opinions are sought, typically subject matter experts. Two-way communication.

  • CSIRT
  • Information Technology
  • Legal
  • Physical Security
  • Insurance Company

(I)nform

Those kept up to date on progress; communication with them is one-way.

  • Person/Group that Reported Activity
  • CIO
  • Executive Leadership
  • Victims

2.1.2 Open a Help Desk Service Ticket:

  • DO NOT TURN OFF YOUR COMPUTER!
    You will be instructed on how to disconnect your computer from the network.
  • User calls the Help Desk hotline at (972) 980-9041 and opens a Priority 1 Ticket
  • Technical Services NOC/SOC opens a Priority 1 Ticket
