Priority and Severity

00:00

In this lesson, we'll talk about factors which affect the classification of an incident. Impact versus urgency

00:07

and incident priority matrices.

00:10

What is the difference between severity and priority in relation to security events and incidents?

00:18

Severity is based on the impact an event or incident might have.

00:21

Priority is informed by severity and determines in which order incidents should be resolved

00:29

in terms of how serious an event or incident is, there are two primary scales which I used

00:35

priority and severity.

00:38

Severity is used primarily to define the level of impact a case might have on an organization.

00:44

Priority is informed by the level of severity and determines the order in which events or incidents must be resolved.

00:51

Severity levels are usually based on a numerical scale like severity 12 or three

00:57

with severity. One is a critical case, and severity three has low impact on business operations.

01:03

For example,

01:04

a bank provides an Internet banking facility to its customers and due to an incident, this facility is taken off line.

01:11

Because this facility is customer facing, this would likely be considered a severity one incident.

01:18

Alternatively, an incident which causes an internal Internet page to become unavailable, while inconvenient, would likely have a much lower impact and so be righted at a lower severity level.

01:30

In the case of the customer facing incident, the urgency to resolve the issue would be very high

01:36

as both the impact, the severity and urgency of the instant are high. The priority assigned to the incident would likewise be high.

01:46

Priority is usually rated on a scale one of high, medium and low

01:49

and potentially 1/4 writing, which is purely informational

01:53

so that there is less confusion among stakeholders when declaring and responding to incidents for enterprise security Case management

02:00

Priority matrices, a used

02:02

matrices, are an easy to read representation of where a case is likely to fall in terms off severity and priority like this,

02:12

incidents or cases with high impact and high urgency are severity one.

02:16

As we move down and right in the Matrix, incidents become less severe and less urgent until we have events which have very little impact of the business and so classified as such.

02:28

Defining severity M priority criteria for your security team and organization before a security case arises is essential for correct management off security cases.

02:38

The difference between a case which affect all customers or all business units should be considered and acted upon differently

02:46

in a case which affect a small subset of users.

02:49

When all stakeholders know and understand this process ahead of time, cases will progress much more efficiently and effectively.

02:57

Why are severity and priority important for enterprise security? Case management,

03:05

correct classifications and prioritization lead to the best outcomes.

03:09

In this lesson, we covered factors which affect the classifications off an incident

03:15

impact versus urgency