Use Case: Incident Response
Abstraction Level (High, Medium or Low): High
Related Use Cases:
- Sub-use-case of Managing Cyber Threat Response Activities
Description: Cyber operations personnel respond to detections of potential cyber threats, investigate what has occurred or is occurring, attempt to identify and characterize the nature of the actual threat, and potentially carry out specific mitigating or corrective courses of action. For example, in the case of a confirmed phishing attack, cyber operations personnel may investigate whether the attack succeeded in causing negative effects within the target environment (e.g., whether malware was installed or run) and, if so, attempt to characterize those effects in detail (e.g., which systems were affected by malware, what data was exfiltrated). Once the effects are understood, cyber operations personnel would implement appropriate mitigating or corrective courses of action (e.g., wipe and restore systems, block exfiltration channels).
Stakeholders/Goals:
- Stakeholder: Stakeholder description (replace with your content)
- Goal: Goal description (replace with your content)
Preconditions:
- Precondition description (replace with your content)
Dependencies:
- Dependency description (replace with your content)
Main Success Scenario:
- Scenario description (replace with your content)