This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.
9. Create incident response playbooks, and build automation as your security response matures
Management systems must build continuous health checks before the devices get shipped. It's also important to create incident response playbooks for when those checks identify anomalies and, as processes mature, to automate the containment of events and the return to a known good state. Although it may seem daunting, this doesn't have to happen all at once. It is a process that continues throughout the lifecycle of the IoT environment, with the complexity and maturity of the program growing over time.
- Maintain and regularly exercise a security incident response plan to test monitoring functionality.
- Collect security logs and analyze them in real time using automated tooling. Build playbooks in response to unexpected findings.
- Create an incident response playbook with clearly understood roles and responsibilities.
- Test incident response procedures on a periodic basis.
- As procedures become more stable, automate their implementation but maintain human interaction. As the automated procedures are validated, automate what triggers their implementation.
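The progression in the last recommendation, sketched as an added example (not code from this whitepaper or from AWS): a playbook runs only with a named human approver until it has enough approved runs, after which health-check findings trigger it directly. The class names, the `PROMOTE_AFTER` threshold, the check names and the in-memory fleet are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

PROMOTE_AFTER = 2  # assumed: approved runs required before a playbook self-triggers

@dataclass
class Device:                       # constructed stand-in for a device registry entry
    group: str = "production"
    firmware: str = "1.4.2"
    known_good: str = "1.4.2"

@dataclass
class Playbook:
    steps: list                     # ordered containment and recovery callables
    approved_runs: int = 0
    def auto(self):                 # the trigger is automated only once validated
        return self.approved_runs >= PROMOTE_AFTER

def quarantine(dev): dev.group = "quarantine"      # contain the event
def restore(dev): dev.firmware = dev.known_good    # return to a known good state

@dataclass
class Responder:
    fleet: dict
    playbooks: dict
    audit: list = field(default_factory=list)      # (device, outcome, actor)

    def handle(self, finding, approver=None):
        pb = self.playbooks.get(finding["check"])
        if pb is None:              # unexpected finding: a human builds the playbook
            self.audit.append((finding["device"], "no_playbook", None))
            return "escalate"
        if not pb.auto() and approver is None:
            self.audit.append((finding["device"], "pending_approval", None))
            return "pending_approval"
        dev = self.fleet[finding["device"]]
        for step in pb.steps:
            step(dev)
        if approver:
            pb.approved_runs += 1   # each human-approved run counts toward validation
        self.audit.append((finding["device"], "executed", approver or "auto"))
        return "executed"

def demo():                         # constructed findings from a hypothetical health check
    fleet = {f"cam-{i}": Device(firmware="9.9.9") for i in range(3)}
    r = Responder(fleet, {"firmware_mismatch": Playbook([quarantine, restore])})
    runs = [("cam-0", "firmware_mismatch", None), ("cam-0", "firmware_mismatch", "alice"),
            ("cam-1", "firmware_mismatch", "bob"), ("cam-2", "firmware_mismatch", None),
            ("cam-2", "open_port", None)]
    out = [r.handle({"device": d, "check": c}, a) for d, c, a in runs]
    return out, fleet, r.audit
```

Devices stay in the quarantine group after restoration, so releasing them back to production remains a separate, human decision.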
Supporting AWS resources
AWS provides the following assets and services to help you monitor your security and create incident response playbooks:
- AWS Systems Manager – Provides a centralized and consistent way to gather operational insights and carry out routine management tasks.