mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 05:05:16 +03:00
32 lines
1.2 KiB
Markdown
32 lines
1.2 KiB
Markdown
# Standards References - Post-Incident Lessons Learned
|
|
|
|
## NIST SP 800-61 Rev. 2 - Section 3.4 Post-Incident Activity
|
|
- 3.4.1: Lessons Learned meetings after each significant incident
|
|
- 3.4.2: Using Collected Incident Data for trending and metrics
|
|
- Recommends formal review within days of resolution
|
|
|
|
## NIST SP 800-61 Rev. 3 - Continuous Improvement
|
|
- Recover (RC) function: Learning from incidents
|
|
- RC.CO-03: Recovery activities and progress communicated
|
|
- Emphasis on continuous improvement of IR capabilities
|
|
|
|
## SANS PICERL - Lessons Learned Phase
|
|
- Phase 6: Final phase of incident handling
|
|
- Formal review with all stakeholders
|
|
- Document improvements and update procedures
|
|
|
|
## MITRE ATT&CK - Detection Gap Analysis
|
|
- Map incident techniques to ATT&CK framework
|
|
- Identify detection gaps in current monitoring
|
|
- Develop new detection rules based on observed TTPs
|
|
|
|
## ISO 27001 - Clause 10: Improvement
|
|
- 10.1: Nonconformity and corrective action
|
|
- 10.2: Continual improvement
|
|
- Requires organizations to learn from security incidents
|
|
|
|
## Google SRE Post-Mortem Culture
|
|
- Blameless approach to incident review
|
|
- Focus on systemic issues rather than human error
|
|
- Document and share learnings broadly
|