In this lesson, we'll talk about factors which affect the classification of an incident, impact versus urgency,
and incident priority matrices.
What is the difference between severity and priority in relation to security events and incidents?
Severity is based on the impact an event or incident might have.
Priority is informed by severity and determines in which order incidents should be resolved.
In terms of how serious an event or incident is, there are two primary scales which are used:
priority and severity.
Severity is used primarily to define the level of impact a case might have on an organization.
Priority is informed by the level of severity and determines the order in which events or incidents must be resolved.
Severity levels are usually based on a numerical scale like severity one, two or three,
where severity one is a critical case and severity three has low impact on business operations.
A bank provides an Internet banking facility to its customers and, due to an incident, this facility is taken offline.
Because this facility is customer-facing, this would likely be considered a severity one incident.
Alternatively, an incident which causes an internal intranet page to become unavailable, while inconvenient, would likely have a much lower impact and so be rated at a lower severity level.
In the case of the customer-facing incident, the urgency to resolve the issue would be very high.
As both the impact (the severity) and the urgency of the incident are high, the priority assigned to the incident would likewise be high.
Priority is usually rated on a scale of high, medium and low,
and potentially a fourth rating, which is purely informational.
So that there is less confusion among stakeholders when declaring and responding to incidents for enterprise security case management,
priority matrices are used.
Matrices are an easy-to-read representation of where a case is likely to fall in terms of severity and priority, like this:
Incidents or cases with high impact and high urgency are severity one.
As we move down and right in the matrix, incidents become less severe and less urgent until we have events which have very little impact on the business and so are classified as such.
Defining severity and priority criteria for your security team and organization before a security case arises is essential for correct management of security cases.
A case which affects all customers or all business units should be considered and acted upon differently
than a case which affects a small subset of users.
When all stakeholders know and understand this process ahead of time, cases will progress much more efficiently and effectively.
Why are severity and priority important for enterprise security case management?
Correct classification and prioritization lead to the best outcomes.
In this lesson, we covered factors which affect the classification of an incident,
impact versus urgency,
as well as incident priority matrices.