Escalation

00:00

In this lesson, we'll talk about defining escalation, work flows and stakeholders who must be involved at each level off case management.

00:08

Who do you go to? If you can't solve a problem?

00:13

Usually the next person you're Escalation chain,

00:16

which is typically a more senior member or leader.

00:20

Enterprise Security case management is a team sport.

00:23

No one individual is responsible for the entire workflow from identification to remediation.

00:29

As a result, it is often basically almost always necessary 14 members to escalate to most in your team members or leadership.

00:39

It's important, as with everything else, to identify escalation points in the case management work for both in the workflow itself, as well as the organizational hierarchy.

00:51

If the stock tame, for example, are responsible for identifying events or incidents,

00:57

to whom do they need to escalate for further investigation?

01:00

Is it someone within the sock? Is that someone in a different internal team?

01:03

Or is it 1/3 party or many service provider?

01:07

Unless this is known at the outset, cases are likely tohave bad outcomes

01:14

identify and communicate to all stakeholders. The points at which a case must be escalated

01:19

do the same for the individuals to whom cases can be escalated at each of these points.

01:25

If this is done successfully, cases should be managed effectively.

01:30

The most likely escalation points in terms off people will be more senior team members, so a junior stock analyst would escalate to a Tier two or three analyst.

01:40

From there, escalation is likely to be to an ad hoc see certain or an internal incident response team, depending on the organizational requirements and the type of incident being investigated.

01:52

Stakeholders from any team affected by the incident should be involved.

01:56

The Sea search, or I Our team should also communicate with senior leadership and bridge the gap between the people working on the incident and nontechnical leaders.

02:05

Communications should be clear and needs to be bi directional in order to succeed in enterprise security case management

02:12

who should be designated as an escalation point during an enterprise security case.

02:20

Senior team members leadership, other teams or third parties can all be designated escalation points.