I have been trying to find a definition of triage in relation to Information Security but cannot find any online. From the different examples given online (i.e. medical world), it seems related to determining the incidents priority/urgency and putting it in relation to your other issues.

Does this seem correct or is it something else?

user92592

2 Answers

Yes, it hasn't got a distinct meaning in information security - from dictionary.com:

the determination of priorities for action

So, deal with the most critical problems first, working down the list of known issues, trying to minimise the overall problems you can face.

Usually goes something along the lines of:

  1. Make sure no-one else can get into the system
  2. Take an image of the system
  3. Rebuild the system from known good
  4. Find out exactly what went wrong in great detail

Matthew

  • I disagree that the four steps here constitute "triage" and that they should always be carried out in the order suggested. For me, it's about identifying what needs to be done immediately (to limit further damage) and to determine the prioritization for full response. – symcbean Mar 14 '16 at 13:42
  • @symcbean I don't think we're disagreeing the point here - it's a very high level idea of incident response triage, in a slightly tongue-in-cheek phrasing. – Matthew Mar 14 '16 at 13:52
  • While I disagree that these 4 steps are what "triage" is, I do not think that is Matthew's point. Those are typical steps as part of the processes around triage. The main point is that 'triage' is about setting priorities. – schroeder Mar 19 '17 at 11:08
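As an added illustration of the point this answer and its comments converge on (triage is about setting priorities; the four steps are the response that follows), here is example code that is not part of the original post. The impact/urgency matrix, the Incident fields and the sample incidents are all constructed assumptions, not an industry standard.

```python
from dataclasses import dataclass

# Constructed priority matrix, not an industry standard: (impact, urgency) -> priority,
# where both scores run 1 (low) to 3 (high) and priority 1 is handled first.
PRIORITY_MATRIX = {
    (3, 3): 1, (3, 2): 2, (2, 3): 2,
    (3, 1): 3, (2, 2): 3, (1, 3): 3,
    (2, 1): 4, (1, 2): 4, (1, 1): 5,
}

@dataclass
class Incident:
    ident: str
    summary: str
    impact: int                 # damage if the incident plays out fully
    urgency: int                # how fast that damage grows if nothing is done
    spreading: bool = False     # attacker still active or malware still propagating
    opened_minutes_ago: int = 0

def priority(impact: int, urgency: int) -> int:
    """Look up the priority class for an impact/urgency pair (1 = most critical)."""
    return PRIORITY_MATRIX[(impact, urgency)]

def triage(incidents: list[Incident]) -> list[Incident]:
    """Order the queue for action: anything still spreading first (the 'make sure
    no-one else can get in' step), then by priority class, then oldest first."""
    return sorted(
        incidents,
        key=lambda i: (not i.spreading, priority(i.impact, i.urgency), -i.opened_minutes_ago),
    )

def needs_immediate_containment(incidents: list[Incident]) -> list[str]:
    """Identifiers of incidents that cannot wait for the full response process."""
    return [i.ident for i in incidents if i.spreading or priority(i.impact, i.urgency) == 1]

# Constructed sample queue for the example.
SAMPLE_INCIDENTS = [
    Incident("INC-1", "user reported phishing email", 1, 2, opened_minutes_ago=120),
    Incident("INC-2", "ransomware encrypting file share", 3, 3, spreading=True, opened_minutes_ago=5),
    Incident("INC-3", "suspicious login on one user account", 2, 2, opened_minutes_ago=30),
    Incident("INC-4", "vulnerability scanner alert on test host", 1, 1, opened_minutes_ago=400),
    Incident("INC-5", "admin portal login from credential stuffing", 3, 2, opened_minutes_ago=15),
]

if __name__ == "__main__":
    for inc in triage(SAMPLE_INCIDENTS):
        print(inc.ident, "P%d" % priority(inc.impact, inc.urgency), inc.summary)
```

Only the first item in the sorted queue is pulled out for containment; everything else is ordered for the full response, which is the distinction symcbean draws above.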
Detect, identify, notify: these three are called triage.

  • As an Incident Response Manager, I do not think your list matches the industry expectations. Triage happens after detection and notification. It's about prioritization. Do you have a source for these 3 things being a definition of 'triage'? – schroeder Mar 19 '17 at 11:06