SlideShare a Scribd company logo

Incident Management Framework

J
JohnPereira62

The document outlines Rentman's approach to incident response, aimed at enhancing organizational resilience and reducing knowledge loss in the event of system failures. It details the steps for creating an incident response plan, emphasizing the importance of documentation, coordination, and continuous learning from incidents. Key goals include maintaining communication and control during incidents and ensuring a blame-free environment for improvement.

Technology
1 of 26
Downloaded 16 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Incident Management Framework
Preparing for System Failure Our Approach at Rentman
About Me - Software Architect at Gapstars / Rentman - ~15 years of experience, mistakes and learning - Primarily APIs and Web tech - I sporadically blog on randomcoding.com - I tweet as @jomanlk
About Rentman - Provides resource management and planning for the AV & Event industry - Industry leader in rentals management for the events industry - 10+ years in the events space - Customers across 75 countries - 70+ employees spread across NA, Europe and Sri Lanka - Tech stack primarily on AWS - Most services multi region / multi AZ - Primarily running on top of AWS ECS - Heavily use Atlassian products
Agenda - Introduction ← - Approach - Learnings
Why Now, for Rentman? - Increase our ‘bus factor’ - Reduce loss of institutional knowledge - Increase active monitoring coverage - Growing pains. Reduce stress & panic
What Is An Incident Response Plan? - Well defined framework to deal with incidents - No ambiguity - Clear command structure - Refer the Incident Command System (ICS) “An incident response plan is a document that outlines an organization's procedures, steps, and responsibilities of its incident response program.”
Goals: The 3 Cs - Coordinate response effort. - Communicate between incident responders, within the organization, and to the outside world. - Maintain control over the incident response.
The Approach
Step 0 - Documentation - Documentation - Create a Playbook - Setup Teams & Organizational support - Tiered teams. T1, T2
Incident Response Phases Triage Coordinate Mitigate Resolve Learnings
Incident Management Framework
Common Terms - IC: Incident Commander - CL: Comms lead - LI: Lead investigator - DS: Domain specialist
Triage - What’s going on? - How bad is it? - Depends on - Monitoring - User reports - P3, P2? - Not great, but it can wait - P1 - BIG problem
Triage
Coordinate - Use tooling - Scheduling - Alerting - Who needs to be involved? - Small incident? - Big incident? - Who’s available?
Coordinate
Mitigate - STOP THE BLEED! - Goal ≠ Finding and fixing issue - Goal = Get things working - Collaborate - Keep it DRY - Keep it documented Reviewing recent releases Disabling demo creation Support is asking me for an update, do we have anything? Joining the incident response! Where are we at?
Mitigate Reviewing recent releases Disabling demo creation Support is asking me for an update, do we have anything? Joining the incident response! Where are we at?
Resolve - Make sure the root cause is addressed - This could be days or sometimes weeks after incident Creating hotfix branch Added extra logs for this specific issue
Resolve Creating hotfix branch Added extra logs for this specific issue
Follow Up - Document the JIRA issue timeline - Psychological Safety - Learn from the experience - Failure is in process not individual - Blame free / Owned by team - Review the process - What went well / not well? - What was missing? Improvements to process Additional logging added Learnings Create RCA
The Learnings
Learnings - Leverage existing workflows / tools - Practice. Practice. Practice. - Breakathons - Simulations
Learnings Continued - Plan. Do. Review. Improve. - Incorporate Organizational Requirements Early - Compensation for on-call - Uptime guarantees - SLA with customers
Fin. - Questions: Stay tuned for the panel discussion - Want to reach out? - @jomanlk on Twitter - linkedin.com/in/jnxpereira on LinkedIn - john@jnx.me on Email

More Related Content

PDF
Managing a Major Incident
NUS-ISS
 
PDF
ITIL Incident Management Workflow PowerPoint Presentation Slides
SlideTeam
 
PDF
ITIL Incident Management Workflow - Process Guide
Flevy.com Best Practices
 
PPTX
What Is Incident Management | Incident Management Process | ITIL V4 Foundatio...
Simplilearn
 
PPTX
QRadar, ArcSight and Splunk
M sharifi
 
PDF
Incident Management PowerPoint Presentation Slides
SlideTeam
 
PPTX
SIEM presentation final
Rizwan S
 
PPTX
Security Information and Event Management (SIEM)
k33a
 
Managing a Major Incident
NUS-ISS
 
ITIL Incident Management Workflow PowerPoint Presentation Slides
SlideTeam
 
ITIL Incident Management Workflow - Process Guide
Flevy.com Best Practices
 
What Is Incident Management | Incident Management Process | ITIL V4 Foundatio...
Simplilearn
 
QRadar, ArcSight and Splunk
M sharifi
 
Incident Management PowerPoint Presentation Slides
SlideTeam
 
SIEM presentation final
Rizwan S
 
Security Information and Event Management (SIEM)
k33a
 

What's hot (20)

PDF
Incident Management Best Practices
TechExcel
 
PDF
BIA - Example of Business Impact Analysis and Dependencies
Ramiro Cid
 
PPTX
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
PDF
Patch and Vulnerability Management
Marcelo Martins
 
PDF
Threat Hunting
Splunk
 
PDF
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 
PDF
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
 
PDF
Cyber threat intelligence ppt
Kumar Gaurav
 
PDF
Incident Response Swimlanes
Daniel P Wallace
 
PPTX
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Katie Nickels
 
PPT
Incident Management
Abhishek Agnihotry
 
PPTX
ITIL Incident management
ManageEngine
 
PPTX
Security operation center (SOC)
Ahmed Ayman
 
PDF
Building an effective Information Security Roadmap
Elliott Franklin
 
PDF
Endpoint Detection & Response - FireEye
Prime Infoserv
 
PPTX
SIEM : Security Information and Event Management
SHRIYARAI4
 
PDF
IT4IT BCS
Tony Price
 
PDF
NIST cybersecurity framework
Shriya Rai
 
PDF
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
PPTX
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
Incident Management Best Practices
TechExcel
 
BIA - Example of Business Impact Analysis and Dependencies
Ramiro Cid
 
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
Patch and Vulnerability Management
Marcelo Martins
 
Threat Hunting
Splunk
 
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
 
Cyber threat intelligence ppt
Kumar Gaurav
 
Incident Response Swimlanes
Daniel P Wallace
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Katie Nickels
 
Incident Management
Abhishek Agnihotry
 
ITIL Incident management
ManageEngine
 
Security operation center (SOC)
Ahmed Ayman
 
Building an effective Information Security Roadmap
Elliott Franklin
 
Endpoint Detection & Response - FireEye
Prime Infoserv
 
SIEM : Security Information and Event Management
SHRIYARAI4
 
IT4IT BCS
Tony Price
 
NIST cybersecurity framework
Shriya Rai
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
Ad

Similar to Incident Management Framework (20)

PDF
ITSM in an Agile World - Scott Goh-Davis, Solutions Engineer APAC, Atlassian ...
Amazon Web Services Korea
 
PDF
[Atlassian meets dev ops and itsm] itsm in an agile world atlassian scott
Open Source Consulting
 
PDF
GCP-pdevops devops engineer exam prepearitaon guide
skooldevops
 
PDF
Paging, Alerting, Chaos Eng Overview
matthewbrahms
 
PPTX
DIY guide to runbooks, incident reports, and incident response
Nathan Case
 
PDF
Incident Response and SAP Systems
Onapsis Inc.
 
PPTX
SAST Managed Services for SAP [Webinar]
akquinet enterprise solutions GmbH
 
PPTX
Inside SecOps at bet365
Splunk
 
PPT
Business Continuity and Disaster Recovery for the Modern Office
Dawn Simpson
 
PDF
S.R.E - create ultra-scalable and highly reliable systems
Ricardo Amaro
 
PPTX
ISACA Ireland Keynote 2015
Shannon Lietz
 
PDF
Corona| COVID IT Tactical Security Preparedness: Threat Management
RedZone Technologies
 
PDF
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk
 
PDF
How to Build an Invincible Incident Management Plan
DevOps.com
 
PPTX
How Dealertrack Optimizes the DevOps Toolchain, FutureStack17
New Relic
 
PDF
Webinar: Demonstrating Business Value for DevOps & Continuous Delivery
XebiaLabs
 
PPTX
SplunkLive! Paris 2018: Event Management Is Dead
Splunk
 
PPTX
DevSecCon Keynote
Shannon Lietz
 
PPTX
DevSecCon KeyNote London 2015
Shannon Lietz
 
PPTX
Tenable_One_Sales_Presentation_for_Customers.pptx
alex hincapie
 
ITSM in an Agile World - Scott Goh-Davis, Solutions Engineer APAC, Atlassian ...
Amazon Web Services Korea
 
[Atlassian meets dev ops and itsm] itsm in an agile world atlassian scott
Open Source Consulting
 
GCP-pdevops devops engineer exam prepearitaon guide
skooldevops
 
Paging, Alerting, Chaos Eng Overview
matthewbrahms
 
DIY guide to runbooks, incident reports, and incident response
Nathan Case
 
Incident Response and SAP Systems
Onapsis Inc.
 
SAST Managed Services for SAP [Webinar]
akquinet enterprise solutions GmbH
 
Inside SecOps at bet365
Splunk
 
Business Continuity and Disaster Recovery for the Modern Office
Dawn Simpson
 
S.R.E - create ultra-scalable and highly reliable systems
Ricardo Amaro
 
ISACA Ireland Keynote 2015
Shannon Lietz
 
Corona| COVID IT Tactical Security Preparedness: Threat Management
RedZone Technologies
 
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk
 
How to Build an Invincible Incident Management Plan
DevOps.com
 
How Dealertrack Optimizes the DevOps Toolchain, FutureStack17
New Relic
 
Webinar: Demonstrating Business Value for DevOps & Continuous Delivery
XebiaLabs
 
SplunkLive! Paris 2018: Event Management Is Dead
Splunk
 
DevSecCon Keynote
Shannon Lietz
 
DevSecCon KeyNote London 2015
Shannon Lietz
 
Tenable_One_Sales_Presentation_for_Customers.pptx
alex hincapie
 
Ad

Recently uploaded (20)

PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PDF
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
A Presentation on Artificial Intelligence
memembruh336
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 

Incident Management Framework

  • 2. Preparing for System Failure Our Approach at Rentman
  • 3. About Me - Software Architect at Gapstars / Rentman - ~15 years of experience, mistakes and learning - Primarily APIs and Web tech - I sporadically blog on randomcoding.com - I tweet as @jomanlk
  • 4. About Rentman - Provides resource management and planning for the AV & Event industry - Industry leader in rentals management for the events industry - 10+ years in the events space - Customers across 75 countries - 70+ employees spread across NA, Europe and Sri Lanka - Tech stack primarily on AWS - Most services multi region / multi AZ - Primarily running on top of AWS ECS - Heavily use Atlassian products
  • 5. Agenda - Introduction ← - Approach - Learnings
  • 6. Why Now, for Rentman? - Increase our ‘bus factor’ - Reduce loss of institutional knowledge - Increase active monitoring coverage - Growing pains. Reduce stress & panic
  • 7. What Is An Incident Response Plan? - Well defined framework to deal with incidents - No ambiguity - Clear command structure - Refer the Incident Command System (ICS) “An incident response plan is a document that outlines an organization's procedures, steps, and responsibilities of its incident response program.”
  • 8. Goals: The 3 Cs - Coordinate response effort. - Communicate between incident responders, within the organization, and to the outside world. - Maintain control over the incident response.
  • 10. Step 0 - Documentation - Documentation - Create a Playbook - Setup Teams & Organizational support - Tiered teams. T1, T2
  • 11. Incident Response Phases Triage Coordinate Mitigate Resolve Learnings
  • 13. Common Terms - IC: Incident Commander - CL: Comms lead - LI: Lead investigator - DS: Domain specialist
  • 14. Triage - What’s going on? - How bad is it? - Depends on - Monitoring - User reports - P3, P2? - Not great, but it can wait - P1 - BIG problem
  • 16. Coordinate - Use tooling - Scheduling - Alerting - Who needs to be involved? - Small incident? - Big incident? - Who’s available?
  • 18. Mitigate - STOP THE BLEED! - Goal ≠ Finding and fixing issue - Goal = Get things working - Collaborate - Keep it DRY - Keep it documented Reviewing recent releases Disabling demo creation Support is asking me for an update, do we have anything? Joining the incident response! Where are we at?
  • 19. Mitigate Reviewing recent releases Disabling demo creation Support is asking me for an update, do we have anything? Joining the incident response! Where are we at?
  • 20. Resolve - Make sure the root cause is addressed - This could be days or sometimes weeks after incident Creating hotfix branch Added extra logs for this specific issue
  • 22. Follow Up - Document the JIRA issue timeline - Psychological Safety - Learn from the experience - Failure is in process not individual - Blame free / Owned by team - Review the process - What went well / not well? - What was missing? Improvements to process Additional logging added Learnings Create RCA
  • 24. Learnings - Leverage existing workflows / tools - Practice. Practice. Practice. - Breakathons - Simulations
  • 25. Learnings Continued - Plan. Do. Review. Improve. - Incorporate Organizational Requirements Early - Compensation for on-call - Uptime guarantees - SLA with customers
  • 26. Fin. - Questions: Stay tuned for the panel discussion - Want to reach out? - @jomanlk on Twitter - linkedin.com/in/jnxpereira on LinkedIn - john@jnx.me on Email