jonathan@researchcomputingteams.org
This resource first appeared in issue #22 on 01 May 2020 and has tags Technical Leadership: Other, Technical Leadership: Systems: Incident Handling
How to create an incident response playbook - Blake Thorne, Atlassian
This is a really good starting point for putting together an incident response playbook, and includes links to Atlassian’s own playbooks and a workshop on incident communication.
This is something we’re working on in our own team. We’re not there yet, but we’re getting there. On the other hand, colleagues-of-colleagues of mine were involved in a major incident recently in an organization where there were lots of security policies in place about keys and ciphers (good), security architecture like DMZs, bastion hosts etc (good), but nothing really like a playbook or even an incidence response approach, which meant critical decisions were being made as they went along. That meant response was slower, more halting, and more stressful than it needed to be for either the staff or the researchers relying on that resource.
In research computing there’s understandable resistance to the extremely process-bound approach that corporate IT requires, because change happens so quickly. All well and good. But we’re professionals, and we have professional obligations to the researchers we support.
No playbook will tell you all the answers to an unfolding incident, and playbooks will often have to be updated in light of what you learned from a past incident. But having some pre-agreed-upon clarity on how to make certain decisions at the start frees you to focus the harried decision making on the things that are actually particular to the incident you’re responding to. This is a good way of getting started.
