⭐ Repository → 💼 AWS Well-Architected → 💼 Security → 💼 Incident Response
💼 Preparation
- ID:
/frameworks/aws-well-architected/security/incident-response/sec10
Description
Preparing for an incident is critical for timely and effective incident response. Preparation is done across three domains:
- People: Preparing your people for a security incident involves identifying the relevant stakeholders for incident response and training them on incident response and cloud technologies.
- Process: Preparing your processes for a security incident involves documenting architectures, developing thorough incident response plans, and creating playbooks for consistent response to security events.
- Technology: Preparing your technology for a security incident involves setting up access, aggregating and monitoring necessary logs, implementing effective alerting mechanisms, and developing response and investigative capabilities.
Each of these domains are equally important for effective incident response. No incident response program is complete or effective without all three. You will need to prepare people, processes, and technologies with tight integration in order to be prepared for an incident.
Similar
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 SEC10-BP01 Identify key personnel and external resources | no data | ||||
| 💼 SEC10-BP02 Develop incident management plans | no data | ||||
| 💼 SEC10-BP03 Prepare forensic capabilities | no data | ||||
| 💼 SEC10-BP04 Develop and test security incident response playbooks | no data | ||||
| 💼 SEC10-BP05 Pre-provision access | no data | ||||
| 💼 SEC10-BP06 Pre-deploy tools | no data | ||||
| 💼 SEC10-BP07 Run simulations | no data | ||||
| 💼 SEC10-BP08 Establish a framework for learning from incidents | no data |