Incident Response - STIXProject/use-cases GitHub Wiki
Incident Response
Abstraction Level (High, Medium or Low): High
Related Use Cases:
- Sub-use-case of Managing Cyber Threat Response Activities
Description: Incident response personnel are responsible for responding to a cybersecurity incident, including:
- Managing cleanup and recovery
- Performing forensics investigations
- Reporting the incident as required by policy or law
- Notifying affected users (and others affected by the incident)
- Coordinating with law enforcement or other government organizations
- Working with external incident response teams and managed security service providers
Throughout this process, the incident response team must track and coordinate incident information related to the above activities.
Stakeholders/Goals:
- Stakeholder: Stakeholder description (replace with your content)
- Goal: Goal description (replace with your content)
Preconditions:
- Precondition description (replace with your content)
Dependencies:
- Dependency description (replace with your content)
Main Success Scenario:
- Scenario description (replace with your content)