Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Foreword
Preface
Conventions Used in This Book
O’Reilly Safari
How to Contact Us
Acknowledgments
1. Evaluating the Incident Response PROCESS
Predictable
Repeatable
Optimized
Clear
Evaluated
Scalable
Sustainable
Summary
2. The Incident Management System (IMS)
Overview of Incident Command
The Culture of Incident Response
Common Terminology for Job Functions
Summary
3. The Incident Commander (IC)
Resolving the Incident
Communication Methods
Incident Commander to single resource (SME)
Incident Commander to group
SME to SME, or group discussion
Developing the Incident Action Plan
Size Up the Incident
Initial actions
Triage
Act
Information stewardship
Review
It’s All About TIME
Tone
Interaction
Responder personality types
The Awesome Contributor
The Quiet One
The Naysayer
The Overbearing One
The Over Explainer
The Joker
The Uncertain Contributor
The Gunslinger
The Interrupter
The Grenade Thrower
The Chicken Little
The Lurker
The Jumper (to Conclusions)
The Tunnel Rat
Management
Engagement
Summary
4. Scaling the Incident Response
Incident Response and Escalation
Span of Control
Transfer of Command
Summary
5. Unified Command (UC)
UC in Action
The UC Planning Wheel
Planning Wheel in Action
UC Org Chart
UC Case Study
Launching UC: The Programmatic Backend
Key UC Positions and Checklists
Unified Command leader (UCL)
On-call executive (OCE)
Group leader (GL)
Summary
6. After Action Review (AAR)
The Name Is Important
AAR as an Integrated Effort
AAR Documentation and Data Collection
Documenting an Incident: A Case Study
Timeline
Case Study AAR
Training
Accountability
Leadership
Empowerment
Notification
Trust
AAR Case Study: The New SME
Issue Identified During the AAR
Change Recommendations from the AAR
Summary
Index
← Prev
Back
Next →
← Prev
Back
Next →