SEC 10: How do you anticipate, respond to, and recover from incidents?
Prepare for and respond to security incidents in your AWS environment
Automating Incident Response and Forensics in AWS
DIY guide to runbooks, incident reports, and incident response
CloudEndure Disaster Recovery
AWS Incident Response Guide
Lab: Incident Response Playbook with Jupyter - AWS IAM
Lab: Incident Response with AWS Console and CLI
Identify key personnel and external resources: Identify internal and external personnel, resources, and legal obligations that would help your organization respond to an incident.
Develop incident management plans: Create plans to help you respond to, communicate during, and recover from an incident. For example, you can start an incident response plan with the most likely scenarios for your workload and organization. Include how you would communicate and escalate both internally and externally.
Prepare forensic capabilities: Identify and prepare forensic investigation capabilities that are suitable, including external specialists, tools, and automation.
Automate containment capability: Automate containment and recovery of an incident to reduce response times and organizational impact.
Pre-provision access: Ensure that incident responders have the correct access pre-provisioned into AWS to reduce the time for investigation through to recovery.
Pre-deploy tools: Ensure that security personnel have the right tools pre-deployed into AWS to reduce the time for investigation through to recovery.
Identify key personnel and external resources
Develop incident management plans
AWS Security Incident Response Guide
NIST: Computer Security Incident Handling Guide
Prepare forensic capabilities
Automating Incident Response and Forensics
Automate containment capability
Lab: Incident response with AWS Management Console and CLI
Incident Response Playbook with Jupyter - AWS IAM
AWS Security Automation
AWS Tagging Strategies
Run game days