-
Notifications
You must be signed in to change notification settings - Fork 225
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
1e58aed
commit 3921d2f
Showing
3 changed files
with
141 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| ## Playbook: Identity and Access Compromise | ||
|
|
||
| **Investigate, remediate (contain, eradicate), and communicate in parallel!** | ||
|
|
||
| Assign steps to individuals or teams to work concurrently, when possible; this playbook is not purely sequential. Use your best judgment. | ||
|
|
||
| ### Investigate | ||
|
|
||
| `TODO: Expand investigation steps, including key questions and strategies, for identity and access compromise.` | ||
|
|
||
| 1. TODO | ||
|
|
||
| ### Remediate | ||
|
|
||
| * **Plan remediation events** where these steps are launched together (or in coordinated fashion), with appropriate teams ready to respond to any disruption. | ||
| * **Consider the timing and tradeoffs** of remediation actions: your response has consequences. | ||
|
|
||
| #### Contain | ||
|
|
||
| `TODO: Customize containment steps, tactical and strategic, for identity and access compromise.` | ||
|
|
||
| `TODO: Specify tools and procedures for each step, below.` | ||
|
|
||
| * TODO | ||
|
|
||
| `TODO: Consider automating containment measures using orchestration tools.` | ||
|
|
||
| #### Eradicate | ||
|
|
||
| `TODO: Customize eradication steps, tactical and strategic, for identity and access compromise.` | ||
|
|
||
| `TODO: Specify tools and procedures for each step, below.` | ||
|
|
||
| * TODO | ||
|
|
||
| #### Reference: Remediation Resources | ||
|
|
||
| `TODO: Specify financial, personnel, and logistical resources to accomplish remediation.` | ||
|
|
||
| ### Communicate | ||
|
|
||
| `TODO: Customize communication steps for identity and access compromise` | ||
|
|
||
| `TODO: Specify tools and procedures (including who must be involved) for each step, below, or refer to overall plan.` | ||
|
|
||
| In addition to the general steps and guidance in the incident response plan: | ||
|
|
||
| 1. TODO | ||
|
|
||
| ### Recover | ||
|
|
||
| `TODO: Customize recovery steps for identity and access compromise.` | ||
|
|
||
| `TODO: Specify tools and procedures for each step, below.` | ||
|
|
||
| In addition to the general steps and guidance in the incident response plan: | ||
|
|
||
| 1. TODO | ||
|
|
||
| ### Resources | ||
|
|
||
| #### Additional Information | ||
|
|
||
| 1. <a name="identity-and-access-playbook-ref-1"></a>["Title"](#TODO-url), Author Last Name (Date) | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| ## Playbook: Supply Chain Compromise | ||
|
|
||
| **Investigate, remediate (contain, eradicate), and communicate in parallel!** | ||
|
|
||
| Assign steps to individuals or teams to work concurrently, when possible; this playbook is not purely sequential. Use your best judgment. | ||
|
|
||
| ### Investigate | ||
|
|
||
| `TODO: Expand investigation steps, including key questions and strategies, for supply chain compromise.` | ||
|
|
||
| 1. TODO | ||
|
|
||
| ### Remediate | ||
|
|
||
| * **Plan remediation events** where these steps are launched together (or in coordinated fashion), with appropriate teams ready to respond to any disruption. | ||
| * **Consider the timing and tradeoffs** of remediation actions: your response has consequences. | ||
|
|
||
| #### Contain | ||
|
|
||
| `TODO: Customize containment steps, tactical and strategic, for supply chain compromise.` | ||
|
|
||
| `TODO: Specify tools and procedures for each step, below.` | ||
|
|
||
| * TODO | ||
|
|
||
| `TODO: Consider automating containment measures using orchestration tools.` | ||
|
|
||
| #### Eradicate | ||
|
|
||
| `TODO: Customize eradication steps, tactical and strategic, for supply chain compromise.` | ||
|
|
||
| `TODO: Specify tools and procedures for each step, below.` | ||
|
|
||
| * TODO | ||
|
|
||
| #### Reference: Remediation Resources | ||
|
|
||
| `TODO: Specify financial, personnel, and logistical resources to accomplish remediation.` | ||
|
|
||
| ### Communicate | ||
|
|
||
| `TODO: Customize communication steps for supply chain compromise` | ||
|
|
||
| `TODO: Specify tools and procedures (including who must be involved) for each step, below, or refer to overall plan.` | ||
|
|
||
| In addition to the general steps and guidance in the incident response plan: | ||
|
|
||
| 1. TODO | ||
|
|
||
| ### Recover | ||
|
|
||
| `TODO: Customize recovery steps for supply chain compromise.` | ||
|
|
||
| `TODO: Specify tools and procedures for each step, below.` | ||
|
|
||
| In addition to the general steps and guidance in the incident response plan: | ||
|
|
||
| 1. TODO | ||
|
|
||
| ### Resources | ||
|
|
||
| #### Additional Information | ||
|
|
||
| 1. <a name="supply-chain-playbook-ref-1"></a>["Title"](#TODO-url), Author Last Name (Date) | ||
|
|