From the desk of: Sam C. Chan

First published: March 9, 2009
Last update: May 1, 2018
Security Incident Response (SIR) Levels

Level  Threat       Remarks
0      baseline     Mild threat. Case is summarily closed per Bravo Policies.*
1      log event    Potentially noteworthy in the long run.
2      monitor      Just crossed the "beneath radar" threshold... observing.
3      investigate  Proactive, low-key SIR procedure. Report to follow.
4      elevated     Management is alerted. Immediate SIR steps.
5      breach       Activate triage → deep investigation → clean → debrief.

* Within my IT jurisdiction**, BTC default policies*** are in effect, unless your firm-specific policies/guidelines exist, have been communicated to me, and we have explicitly agreed on the scope & extent of the superseding clauses.

** "IT jurisdiction" is de facto and unilaterally declared by BTC: it applies to BOTH retainer sites and T&M sites. Should you object (in name or in practice), feel free to speak up, and we will amend accordingly. This is related to the "modes" which I allude to often.

*** The default policy is already comprehensive and tiered (not one size fits all), according to the firm's business nature and its implied/committed IT attentiveness level, per my 2006 memo to you, along with the 2007 memo on preparedness quotient, referring back to my 2000 memo on DIFA.

SIR Levels are only a tiny aspect of the overall Bravo SIR Doctrine, which was originally based on the NIST governance-focused incident response process. It has since gone through numerous generational transformations and, as it stands today, deviates very significantly from it. Notably, a few pertinent elements from US-CERT have been incorporated. It is now best described as "inspired by" SP 800-61 and its predecessor SP 800-3, but is mostly an original creation.

References:
NIST CSRC (csrc.nist.gov): SP 800-61 Rev. 2 (2012), Rev. 1 (2008), original (2004); SP 800-3 (1991)
DHS CISA (Cyber + Infrastructure Security), CyberSec division, NCCIC → US-CERT | SECIR | FNR | NSD

©2005-2018 Bravo Technology Center