cloud_data_breach.json
{
"name": "CloudDataBreach",
"display_name": "Cloud Data Breach",
"description": "A case template for handling cloud data breach incidents",
"author": "DFIR-IRIS",
"title_prefix": "[CLOUD]",
"summary": "Investigation and mitigation of a cloud data breach",
"tags": ["cloud", "data breach"],
"classification": "intrusion:application-compromise",
"tasks": [
{
"title": "Identify affected data",
"description": "Determine the scope of the breach by identifying affected data and systems",
"tags": ["data", "scope"]
},
{
"title": "Assess breach impact",
"description": "Evaluate the potential impact of the breach on organizational operations and assets",
"tags": ["impact", "assessment"]
},
{
"title": "Secure compromised systems",
"description": "Secure compromised systems by changing access controls, patching vulnerabilities, or taking other necessary steps",
"tags": ["security", "access controls"]
},
{
"title": "Notify affected parties",
"description": "Notify affected parties about the breach, in accordance with legal and regulatory requirements",
"tags": ["notification", "regulatory requirements"]
},
{
"title": "Implement security improvements",
"description": "Implement and update security measures to prevent future data breaches",
"tags": ["security", "prevention"]
}
],
"note_groups": [
{
"title": "Cloud data breach details",
"notes": [
{
"title": "Breach description",
"content": "Details of the data breach, including the time of occurrence, how it was discovered, and suspected causes"
},
{
"title": "Affected data",
"content": "List of affected data and systems"
},
{
"title": "Security measures",
"content": "Summary of the security measures implemented to prevent future data breaches"
}
]
}
]
}