# GreySec Cyber Security Incident Response Plan (CSIRP)

Standardized incident response procedures following NIST SP 800-61.

## Structure

- `containment/` - Initial containment procedures and isolation steps
- `eradication/` - Threat removal and vulnerability remediation
- `recovery/` - System restoration and monitoring procedures
- `post-incident/` - Lessons learned and process improvement
- `templates/` - IR forms, checklists, and report templates

## Severity Levels

| Level | Description | Response Time |
|-------|-------------|---------------|
| Critical | Active breach, data exfiltration | Immediate |
| High | Confirmed malware, unauthorized access | 1 hour |
| Medium | Suspected intrusion, investigation needed | 4 hours |
| Low | Policy violation, minor anomaly | 24 hours |

## Usage

See individual playbook directories for phase-specific procedures.