This procedure describes the detailed analysis which is conducted as part of the modular incident response plan. The procedure presumes that initial research has concluded, and all respective pieces of information gathered accordingly.
The detailed analysis procedure closes any remaining gaps that were left post initial research. In addition, an identification of affected IT assets and affected business services are conducted. The appropriateness and efficacy of available containment measures is evaluated and provided as input to the mitigation procedure.
The detailed analysis procedure ensures that all relevant information is gathered: the potential impact of the security incident, the affected assets and their purpose, and the potential impact of containment measures. Only after these essential pieces of information have been investigated can an informed decision about the containment strategy be made.