Contents Security Operations Previous Topic Next Topic Security Incident Web/BBS Defacement flow template Subscribe Log in to subscribe to topics and get notified when content changes. ... SAVE AS PDF Selected Topic Topic & Subtopics All Topics in Contents Share Security Incident Web/BBS Defacement flow template The Security Incident - Web/BBS Defacement - Template allows you to perform a series of tasks designed to handle vandalism directed against one of your organization's BBS or web sites. Before you beginRole required: sn_si.write About this taskThis flow is triggered when the Category in a security incident is set to Web/BBS defacement. Procedure Open the security incident for this occurrence of web or BBS defacement, or create a new security incident. In Category, select Web/BBS defacement. Save the record. Scroll down and open the Response Tasks related list. The first of a series of response tasks appears. Each time the record is saved, your response to the previous task either causes the next response task to be created or the flow to end.Table 1. Response tasks in Web/BBS Defacement Template Response task Action Results Security incident assignment Create a security incident for each reported incident of website or BBS defacement. The next response task is executed. Defacement verified? Determine whether the website or BBS has in fact been defaced. In the task, select Yes or No in Outcome. If you select Yes, the following response tasks are executed: PR process Law enforcement process Determine and eradicate root cause If you select No, the flow ends. PR process Perform the steps necessary to notify the public that the website or BBS has been defaced. When you are finished with the PR process, set the state of the task to Complete or Incomplete as appropriate. The Lessons learned meeting task is executed. Law enforcement process Perform the steps required to engage the appropriate law enforcement agencies regarding the attack. When you are finished, set the state of the task to Complete or Incomplete as appropriate. The Lessons learned meeting task is executed. Determine and eradicate root cause Perform the steps necessary to discover and eliminate the root cause of the defacement. Update the State field in the task as appropriate. If you changed the state of the task to Closed Complete or Cancelled, the next response task is executed. Restore site from backup Perform the steps required to back up and restore the website or BBS. Update the State field in the task as appropriate. If you changed the state of the task to Closed Complete or Cancelled, the next response task is executed. Test and verify site is restored Verify that the site is restored. When you are finished, set the state of the task to Complete or Incomplete as appropriate. The Lessons learned meeting task is executed. Lessons learned meeting Conduct a lessons learned meeting to triage the work performed for this website/BBS defacement incident. Update the State field in the task as appropriate. If you change the state of the task to Closed Complete or Cancelled, the Set state to review task is executed. Set state to review No action required. The State of the security incident is changed automatically to Review. The flow ends. Related tasksSecurity Incident Confidential Data Exposure flow templateSecurity Incident Denial of Service flow templateSecurity Incident Lost Equipment flow templateSecurity Incident Malicious Software flow templateSecurity Incident Phishing flow templateSecurity Incident Policy Violation flow templateSecurity Incident Reconnaissance flow templateSecurity Incident Rogue Server or Service flow templateSecurity Incident Spam flow templateSecurity Incident Unauthorized Access flow template On this page Send Feedback Previous Topic Next Topic
Security Incident Web/BBS Defacement flow template The Security Incident - Web/BBS Defacement - Template allows you to perform a series of tasks designed to handle vandalism directed against one of your organization's BBS or web sites. Before you beginRole required: sn_si.write About this taskThis flow is triggered when the Category in a security incident is set to Web/BBS defacement. Procedure Open the security incident for this occurrence of web or BBS defacement, or create a new security incident. In Category, select Web/BBS defacement. Save the record. Scroll down and open the Response Tasks related list. The first of a series of response tasks appears. Each time the record is saved, your response to the previous task either causes the next response task to be created or the flow to end.Table 1. Response tasks in Web/BBS Defacement Template Response task Action Results Security incident assignment Create a security incident for each reported incident of website or BBS defacement. The next response task is executed. Defacement verified? Determine whether the website or BBS has in fact been defaced. In the task, select Yes or No in Outcome. If you select Yes, the following response tasks are executed: PR process Law enforcement process Determine and eradicate root cause If you select No, the flow ends. PR process Perform the steps necessary to notify the public that the website or BBS has been defaced. When you are finished with the PR process, set the state of the task to Complete or Incomplete as appropriate. The Lessons learned meeting task is executed. Law enforcement process Perform the steps required to engage the appropriate law enforcement agencies regarding the attack. When you are finished, set the state of the task to Complete or Incomplete as appropriate. The Lessons learned meeting task is executed. Determine and eradicate root cause Perform the steps necessary to discover and eliminate the root cause of the defacement. Update the State field in the task as appropriate. If you changed the state of the task to Closed Complete or Cancelled, the next response task is executed. Restore site from backup Perform the steps required to back up and restore the website or BBS. Update the State field in the task as appropriate. If you changed the state of the task to Closed Complete or Cancelled, the next response task is executed. Test and verify site is restored Verify that the site is restored. When you are finished, set the state of the task to Complete or Incomplete as appropriate. The Lessons learned meeting task is executed. Lessons learned meeting Conduct a lessons learned meeting to triage the work performed for this website/BBS defacement incident. Update the State field in the task as appropriate. If you change the state of the task to Closed Complete or Cancelled, the Set state to review task is executed. Set state to review No action required. The State of the security incident is changed automatically to Review. The flow ends. Related tasksSecurity Incident Confidential Data Exposure flow templateSecurity Incident Denial of Service flow templateSecurity Incident Lost Equipment flow templateSecurity Incident Malicious Software flow templateSecurity Incident Phishing flow templateSecurity Incident Policy Violation flow templateSecurity Incident Reconnaissance flow templateSecurity Incident Rogue Server or Service flow templateSecurity Incident Spam flow templateSecurity Incident Unauthorized Access flow template
Security Incident Web/BBS Defacement flow template The Security Incident - Web/BBS Defacement - Template allows you to perform a series of tasks designed to handle vandalism directed against one of your organization's BBS or web sites. Before you beginRole required: sn_si.write About this taskThis flow is triggered when the Category in a security incident is set to Web/BBS defacement. Procedure Open the security incident for this occurrence of web or BBS defacement, or create a new security incident. In Category, select Web/BBS defacement. Save the record. Scroll down and open the Response Tasks related list. The first of a series of response tasks appears. Each time the record is saved, your response to the previous task either causes the next response task to be created or the flow to end.Table 1. Response tasks in Web/BBS Defacement Template Response task Action Results Security incident assignment Create a security incident for each reported incident of website or BBS defacement. The next response task is executed. Defacement verified? Determine whether the website or BBS has in fact been defaced. In the task, select Yes or No in Outcome. If you select Yes, the following response tasks are executed: PR process Law enforcement process Determine and eradicate root cause If you select No, the flow ends. PR process Perform the steps necessary to notify the public that the website or BBS has been defaced. When you are finished with the PR process, set the state of the task to Complete or Incomplete as appropriate. The Lessons learned meeting task is executed. Law enforcement process Perform the steps required to engage the appropriate law enforcement agencies regarding the attack. When you are finished, set the state of the task to Complete or Incomplete as appropriate. The Lessons learned meeting task is executed. Determine and eradicate root cause Perform the steps necessary to discover and eliminate the root cause of the defacement. Update the State field in the task as appropriate. If you changed the state of the task to Closed Complete or Cancelled, the next response task is executed. Restore site from backup Perform the steps required to back up and restore the website or BBS. Update the State field in the task as appropriate. If you changed the state of the task to Closed Complete or Cancelled, the next response task is executed. Test and verify site is restored Verify that the site is restored. When you are finished, set the state of the task to Complete or Incomplete as appropriate. The Lessons learned meeting task is executed. Lessons learned meeting Conduct a lessons learned meeting to triage the work performed for this website/BBS defacement incident. Update the State field in the task as appropriate. If you change the state of the task to Closed Complete or Cancelled, the Set state to review task is executed. Set state to review No action required. The State of the security incident is changed automatically to Review. The flow ends. Related tasksSecurity Incident Confidential Data Exposure flow templateSecurity Incident Denial of Service flow templateSecurity Incident Lost Equipment flow templateSecurity Incident Malicious Software flow templateSecurity Incident Phishing flow templateSecurity Incident Policy Violation flow templateSecurity Incident Reconnaissance flow templateSecurity Incident Rogue Server or Service flow templateSecurity Incident Spam flow templateSecurity Incident Unauthorized Access flow template
