Time
1 hour 4 minutes
Difficulty
Advanced
CEU/CPE
1

Video Transcription

00:00
In this lesson, we'll talk about factors which affect the classification of an incident, impact versus urgency,
00:07
and incident priority matrices.
00:10
What is the difference between severity and priority in relation to security events and incidents?
00:18
Severity is based on the impact an event or incident might have.
00:21
Priority is informed by severity and determines in which order incidents should be resolved.
00:29
In terms of how serious an event or incident is, there are two primary scales which are used:
00:35
priority and severity.
00:38
Severity is used primarily to define the level of impact a case might have on an organization.
00:44
Priority is informed by the level of severity and determines the order in which events or incidents must be resolved.
00:51
Severity levels are usually based on a numerical scale like severity one, two or three,
00:57
where severity one is a critical case, and severity three has low impact on business operations.
01:03
For example,
01:04
a bank provides an Internet banking facility to its customers and, due to an incident, this facility is taken offline.
01:11
Because this facility is customer-facing, this would likely be considered a severity one incident.
01:18
Alternatively, an incident which causes an internal Internet page to become unavailable, while inconvenient, would likely have a much lower impact and so be rated at a lower severity level.
01:30
In the case of the customer-facing incident, the urgency to resolve the issue would be very high.
01:36
As both the impact, the severity, and urgency of the incident are high, the priority assigned to the incident would likewise be high.
01:46
Priority is usually rated on a scale of high, medium and low,
01:49
and potentially a fourth rating, which is purely informational.
01:53
So that there is less confusion among stakeholders when declaring and responding to incidents, for enterprise security case management,
02:00
priority matrices are used.
02:02
Matrices are an easy-to-read representation of where a case is likely to fall in terms of severity and priority, like this:
02:12
Incidents or cases with high impact and high urgency are severity one.
02:16
As we move down and right in the matrix, incidents become less severe and less urgent until we have events which have very little impact on the business and so are classified as such.
02:28
Defining severity and priority criteria for your security team and organization before a security case arises is essential for correct management of security cases.
02:38
The difference between a case which affects all customers or all business units should be considered and acted upon differently
02:46
than a case which affects a small subset of users.
02:49
When all stakeholders know and understand this process ahead of time, cases will progress much more efficiently and effectively.
02:57
Why are severity and priority important for enterprise security case management?
03:05
Correct classifications and prioritization lead to the best outcomes.
03:09
In this lesson, we covered factors which affect the classification of an incident,
03:15
impact versus urgency,
03:16
as well as incident priority matrices.

Up Next

Enterprise Security Case Management

In this online course about Enterprise Security Case Management, you will learn about tools and techniques which help cybersecurity practitioners manage evidence and related case data to preserve their integrity.

Instructed By

Seth Enoka
Consultant
Instructor