Anthropic-Cybersecurity-Skills/skills/conducting-post-incident-lessons-learned/references/standards.md

Standards References - Post-Incident Lessons Learned

NIST SP 800-61 Rev. 2 - Section 3.4 Post-Incident Activity

  • 3.4.1: Lessons Learned meetings after each significant incident
  • 3.4.2: Using Collected Incident Data for trending and metrics
  • Recommends holding the formal review within days of incident resolution

NIST SP 800-61 Rev. 3 - Continuous Improvement

  • Recover (RC) function: Learning from incidents
  • RC.CO-03: Recovery activities and progress communicated
  • Emphasis on continuous improvement of IR capabilities

SANS PICERL - Lessons Learned Phase

  • Phase 6: Final phase of incident handling
  • Formal review with all stakeholders
  • Document improvements and update procedures

MITRE ATT&CK - Detection Gap Analysis

  • Map the techniques observed during the incident to ATT&CK techniques
  • Identify which of those techniques current monitoring does not detect (detection gaps)
  • Develop new detection rules based on the observed TTPs

ISO 27001 - Clause 10: Improvement

  • 10.1: Nonconformity and corrective action
  • 10.2: Continual improvement
  • Requires organizations to learn from security incidents

Google SRE Post-Mortem Culture

  • Blameless approach to incident review
  • Focus on systemic issues rather than human error
  • Document and share learnings broadly