MD3 The value of cybersecurity playbooks Flashcards
The value of cybersecurity playbooks
A playbook is a manual that provides details about any operational action. It gives security analysts instructions on exactly what to do when an incident occurs.
Playbooks provide security professionals with a clear picture of their tasks during the entire incident response life cycle.
Playbooks offer structure and order during this time by clearly outlining the actions to take when responding to a specific incident. By following a playbook, security teams can reduce any guesswork and uncertainty during response times. This allows security teams to act quickly and without any hesitation. Without playbooks, an effective and swift response to an incident is nearly impossible.
Within playbooks, there may be checklists that can also help security teams perform effectively during stressful times by helping them remember to complete each step in the incident response life cycle.
A great time to introduce changes to playbooks is during the post-incident activity phase.
3 different types of playbooks
- Automated
- Non-automated
- Semi-automated
Automated
Automated playbooks automate tasks in incident response processes. For example, tasks such as categorizing the severity of the incident or gathering evidence can be done using an automated playbook. Automated playbooks can help lower the time to resolution during an incident. SOAR and SIEM tools can be configured to automate playbooks.
Semi-automated
Finally, semi-automated playbooks combine a person’s action with automation.
Tedious, error-prone, or time-consuming tasks can be automated, while analysts can prioritize their time with other tasks. Semi-automated playbooks can help increase productivity and decrease time to resolution.