Define Response Mechanisms - AWS Security Incident Response Guide

Define Response Mechanisms

Your response mechanism depends on your governance, risk, and compliance (GRC) model. Ideally, your GRC model is built before you plan for incident response. If you have not started building a GRC, it is a necessary first step to building out a good incident response mechanism. When you consider your approach to incident response in the cloud, in unison with other teams (such as your legal counsel, leadership, business stakeholders, and others), you must understand what you have and what you need. Identify stakeholders and relevant contacts, and make sure you have appropriate access to perform the necessary response.

Although the cloud can provide you with greater visibility and capabilities through service APIs, your GRC model shows you how to use these in your response. Identify your team's AWS account numbers, the IP ranges of your Virtual Private Clouds (VPCs), corresponding network diagrams, logs, data locations, and data classifications. Many of these technological processes are included in the Prepare – Technology section. Then, begin documenting your incident response procedures, often referred to as procedures or runbooks, that define the steps to investigate and remediate an incident.