What is the meaning of Triage in Cybersec world? The 2019 Stack Overflow Developer Survey...
During Temple times, who can butcher a kosher animal?
Are there incongruent pythagorean triangles with the same perimeter and same area?
Is bread bad for ducks?
Identify boardgame from Big movie
Resizing object distorts it (Illustrator CC 2018)
"as much details as you can remember"
Why isn't the circumferential light around the M87 black hole's event horizon symmetric?
What tool would a Roman-age civilization have for the breaking of silver and other metals into dust?
What is the closest word meaning "respect for time / mindful"
What is the accessibility of a package's `Private` context variables?
Origin of "cooter" meaning "vagina"
How to answer pointed "are you quitting" questioning when I don't want them to suspect
How to support a colleague who finds meetings extremely tiring?
If I score a critical hit on an 18 or higher, what are my chances of getting a critical hit if I roll 3d20?
Why did Acorn's A3000 have red function keys?
Is this app Icon Browser Safe/Legit?
Do these rules for Critical Successes and Critical Failures seem Fair?
Can someone be penalized for an "unlawful" act if no penalty is specified?
Did 3000BC Egyptians use meteoric iron weapons?
Multiply Two Integer Polynomials
Can a rogue use sneak attack with weapons that have the thrown property even if they are not thrown?
Protecting Dualbooting Windows from dangerous code (like rm -rf)
When should I buy a clipper card after flying to OAK?
What are the motivations for publishing new editions of an existing textbook, beyond new discoveries in a field?
What is the meaning of Triage in Cybersec world?
The 2019 Stack Overflow Developer Survey Results Are InWhat are the most relevant security events/incidents any company should monitor?BitLocker : Update Volume Master Key and meaning of “keyed” vs “re-keyed”What is the difference between data and information when it comes to Data Security?Does “assesse” have a particular meaning in information security?What is the meaning of “me” in ipfw rules?What exactly is the meaning of 'trojan' and 'rootkit'?What is the difference between Compliance and Auditing in Information Security?What is the difference between a SIEM and a SOC?What is a “security bod”?What is a Security Guideline and how does it stand in relation with Standards, Policies, Procedures?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
I searched Google about this term, but the definitions that I found was related to the medical world, and nothing related to IT. I think that is some kind of procedure of documenting something maybe? Note that I heard this word for the first time in the SOC (Security Operations Center) that I am currently working.
terminology soc
edited yesterday
schroeder♦
78.8k30175211
asked yesterday
victor26567victor26567
17824
add a comment |
I searched Google about this term, but the definitions that I found was related to the medical world, and nothing related to IT. I think that is some kind of procedure of documenting something maybe? Note that I heard this word for the first time in the SOC (Security Operations Center) that I am currently working.
terminology soc
edited yesterday
schroeder♦
78.8k30175211
asked yesterday
victor26567victor26567
17824
4
It means the same thing, just applied to tech/business issues rather than medical issues.
– Matthew Read
yesterday
2
Not related to cybersec, but the term "triage" can also be used in software development: if a user reports a bug by opening a ticket in the bug tracker, someone must check whether it can be reproduced, what team it should be assigned to, and its severity or priority (that is, how disruptive it is and how urgent it is to fix: is it critical, normal, negligible...?). Some call this process triage. For example, Google uses this term in the Chromium project.
– Fabio Turati
yesterday
1
Just to add the definition: the assignment of degrees of urgency to wounds or illnesses to decide the order of treatment of a large number of patients or casualties. Now replace wound with a computer word and replace patient with server/workstation.
– JPhi1618
21 hours ago
There was an Arabic website for hackers called something like "TrYaG AlArab" but it is shut down about 9 years ago, your question just reminded me with this website. This same word exists in the Arabic language also but it comes with the meaning "medicine"
– AccountantM
19 hours ago
add a comment |
I searched Google about this term, but the definitions that I found was related to the medical world, and nothing related to IT. I think that is some kind of procedure of documenting something maybe? Note that I heard this word for the first time in the SOC (Security Operations Center) that I am currently working.
terminology soc
edited yesterday
schroeder♦
78.8k30175211
asked yesterday
victor26567victor26567
17824
I searched Google about this term, but the definitions that I found was related to the medical world, and nothing related to IT. I think that is some kind of procedure of documenting something maybe? Note that I heard this word for the first time in the SOC (Security Operations Center) that I am currently working.
terminology soc
terminology soc
edited yesterday
schroeder♦
78.8k30175211
asked yesterday
victor26567victor26567
17824
edited yesterday
schroeder♦
78.8k30175211
asked yesterday
victor26567victor26567
17824
edited yesterday
schroeder♦
78.8k30175211
edited yesterday
schroeder♦
78.8k30175211
edited yesterday
schroeder♦
78.8k30175211
78.8k30175211
asked yesterday
victor26567victor26567
17824
asked yesterday
victor26567victor26567
17824
asked yesterday
victor26567victor26567
17824
17824
4
It means the same thing, just applied to tech/business issues rather than medical issues.
– Matthew Read
yesterday
2
Not related to cybersec, but the term "triage" can also be used in software development: if a user reports a bug by opening a ticket in the bug tracker, someone must check whether it can be reproduced, what team it should be assigned to, and its severity or priority (that is, how disruptive it is and how urgent it is to fix: is it critical, normal, negligible...?). Some call this process triage. For example, Google uses this term in the Chromium project.
– Fabio Turati
yesterday
1
Just to add the definition: the assignment of degrees of urgency to wounds or illnesses to decide the order of treatment of a large number of patients or casualties. Now replace wound with a computer word and replace patient with server/workstation.
– JPhi1618
21 hours ago
There was an Arabic website for hackers called something like "TrYaG AlArab" but it is shut down about 9 years ago, your question just reminded me with this website. This same word exists in the Arabic language also but it comes with the meaning "medicine"
– AccountantM
19 hours ago
add a comment |
4
It means the same thing, just applied to tech/business issues rather than medical issues.
– Matthew Read
yesterday
2
Not related to cybersec, but the term "triage" can also be used in software development: if a user reports a bug by opening a ticket in the bug tracker, someone must check whether it can be reproduced, what team it should be assigned to, and its severity or priority (that is, how disruptive it is and how urgent it is to fix: is it critical, normal, negligible...?). Some call this process triage. For example, Google uses this term in the Chromium project.
– Fabio Turati
yesterday
1
Just to add the definition: the assignment of degrees of urgency to wounds or illnesses to decide the order of treatment of a large number of patients or casualties. Now replace wound with a computer word and replace patient with server/workstation.
– JPhi1618
21 hours ago
There was an Arabic website for hackers called something like "TrYaG AlArab" but it is shut down about 9 years ago, your question just reminded me with this website. This same word exists in the Arabic language also but it comes with the meaning "medicine"
– AccountantM
19 hours ago
4
4
It means the same thing, just applied to tech/business issues rather than medical issues.
– Matthew Read
yesterday
It means the same thing, just applied to tech/business issues rather than medical issues.
– Matthew Read
yesterday
2
2
Not related to cybersec, but the term "triage" can also be used in software development: if a user reports a bug by opening a ticket in the bug tracker, someone must check whether it can be reproduced, what team it should be assigned to, and its severity or priority (that is, how disruptive it is and how urgent it is to fix: is it critical, normal, negligible...?). Some call this process triage. For example, Google uses this term in the Chromium project.
– Fabio Turati
yesterday
Not related to cybersec, but the term "triage" can also be used in software development: if a user reports a bug by opening a ticket in the bug tracker, someone must check whether it can be reproduced, what team it should be assigned to, and its severity or priority (that is, how disruptive it is and how urgent it is to fix: is it critical, normal, negligible...?). Some call this process triage. For example, Google uses this term in the Chromium project.
– Fabio Turati
yesterday
1
1
Just to add the definition: the assignment of degrees of urgency to wounds or illnesses to decide the order of treatment of a large number of patients or casualties. Now replace wound with a computer word and replace patient with server/workstation.
– JPhi1618
21 hours ago
Just to add the definition: the assignment of degrees of urgency to wounds or illnesses to decide the order of treatment of a large number of patients or casualties. Now replace wound with a computer word and replace patient with server/workstation.
– JPhi1618
21 hours ago
There was an Arabic website for hackers called something like "TrYaG AlArab" but it is shut down about 9 years ago, your question just reminded me with this website. This same word exists in the Arabic language also but it comes with the meaning "medicine"
– AccountantM
19 hours ago
There was an Arabic website for hackers called something like "TrYaG AlArab" but it is shut down about 9 years ago, your question just reminded me with this website. This same word exists in the Arabic language also but it comes with the meaning "medicine"
– AccountantM
19 hours ago
add a comment |
3 Answers
3
active
oldest
votes
We just got reports that 4000 of our systems are infected with ransomeware.
3000 are end users, 800 are non-critical servers, 200 are critical servers.
Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'
It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.
The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.
answered yesterday
AdonalsiumAdonalsium
3,72611021
wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
– victor26567
yesterday
Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
– Adonalsium
yesterday
19
Poor lil' Inspiron :(
– Kyle Vassella
yesterday
2
@MartinBonner Then assume by 'doctor' I meant 'battlefield medic'. :)
– Adonalsium
7 hours ago
1
@MartinBonner it depends of the context, usually there is time to provide some assistance to everyone and it is just a matter of avoiding that you do not fail to provide care to the urgent cases because you are dealing with the non-urgent ones (you just will not get 400 hearts attacks at the same time at an hospital). But if there are suddenly lots of critical cases (for example, after an earthquake or other disaster) then the part about deciding who is too injured to survive (and hence a drain of much needed resources) may kick in.
– SJuan76
5 hours ago
|
show 1 more comment
In addition to Adonalsium's fine answer regarding prioritization, the triage step will include the initial routing of the event to the people best suited to handle it.
A virus or ransomware attack would go to the operations team who would first isolate the computer to minimize collateral damage. A DDoS attack may go to the network team to start sinking the garbage packets. A report of suspicion may get placed in a queue for a generalist to handle later. Evidence of an intrusion may get escalated immediately to the Incident Management team.
edited 7 hours ago
yoozer8
1741211
answered yesterday
John DetersJohn Deters
29k34392
Worth noting that this can also be an ongoing process. Alerts are always numerous, so an initial sift, sort, and send is typically conducted by one person, while the rest of the team deep dives into the issues raised.
– Jozef Woods
18 hours ago
add a comment |
In addition to the other great answers, the term triage is also used in the bugbounty bug report process to mean the process of initially reproducing the issue and assigning a priority to it.
Triage
The process of validating a vulnerability submission from raw submission to a valid, easily digestible report.
Source: https://www.bugcrowd.com/resources/glossary/triage/
Or when talking about various states of a reported bug:
Triaged: A submission that may be valid, but needs to be reviewed again and validated.
Source: https://docs.bugcrowd.com/docs/submission-status
The term is used in similar context by HackerOne as well (though they have less states for a submission so this covers more than the same-name state by BugCrowd):
Triaged - The report is evaluated but hasn't been resolved. It is in the state of being fixed.
Source: https://docs.hackerone.com/hackers/report-states.html
answered 9 hours ago
Torin42Torin42
962
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207100%2fwhat-is-the-meaning-of-triage-in-cybersec-world%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
We just got reports that 4000 of our systems are infected with ransomeware.
3000 are end users, 800 are non-critical servers, 200 are critical servers.
Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'
It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.
The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.
answered yesterday
AdonalsiumAdonalsium
3,72611021
wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
– victor26567
yesterday
Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
– Adonalsium
yesterday
19
Poor lil' Inspiron :(
– Kyle Vassella
yesterday
2
@MartinBonner Then assume by 'doctor' I meant 'battlefield medic'. :)
– Adonalsium
7 hours ago
1
@MartinBonner it depends of the context, usually there is time to provide some assistance to everyone and it is just a matter of avoiding that you do not fail to provide care to the urgent cases because you are dealing with the non-urgent ones (you just will not get 400 hearts attacks at the same time at an hospital). But if there are suddenly lots of critical cases (for example, after an earthquake or other disaster) then the part about deciding who is too injured to survive (and hence a drain of much needed resources) may kick in.
– SJuan76
5 hours ago
|
show 1 more comment
We just got reports that 4000 of our systems are infected with ransomeware.
3000 are end users, 800 are non-critical servers, 200 are critical servers.
Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'
It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.
The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.
answered yesterday
AdonalsiumAdonalsium
3,72611021
wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
– victor26567
yesterday
Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
– Adonalsium
yesterday
19
Poor lil' Inspiron :(
– Kyle Vassella
yesterday
2
@MartinBonner Then assume by 'doctor' I meant 'battlefield medic'. :)
– Adonalsium
7 hours ago
1
@MartinBonner it depends of the context, usually there is time to provide some assistance to everyone and it is just a matter of avoiding that you do not fail to provide care to the urgent cases because you are dealing with the non-urgent ones (you just will not get 400 hearts attacks at the same time at an hospital). But if there are suddenly lots of critical cases (for example, after an earthquake or other disaster) then the part about deciding who is too injured to survive (and hence a drain of much needed resources) may kick in.
– SJuan76
5 hours ago
|
show 1 more comment
We just got reports that 4000 of our systems are infected with ransomeware.
3000 are end users, 800 are non-critical servers, 200 are critical servers.
Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'
It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.
The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.
answered yesterday
AdonalsiumAdonalsium
3,72611021
We just got reports that 4000 of our systems are infected with ransomeware.
3000 are end users, 800 are non-critical servers, 200 are critical servers.
Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'
It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.
The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.
answered yesterday
AdonalsiumAdonalsium
3,72611021
answered yesterday
AdonalsiumAdonalsium
3,72611021
answered yesterday
AdonalsiumAdonalsium
3,72611021
answered yesterday
AdonalsiumAdonalsium
3,72611021
3,72611021
wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
– victor26567
yesterday
Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
– Adonalsium
yesterday
19
Poor lil' Inspiron :(
– Kyle Vassella
yesterday
2
@MartinBonner Then assume by 'doctor' I meant 'battlefield medic'. :)
– Adonalsium
7 hours ago
1
@MartinBonner it depends of the context, usually there is time to provide some assistance to everyone and it is just a matter of avoiding that you do not fail to provide care to the urgent cases because you are dealing with the non-urgent ones (you just will not get 400 hearts attacks at the same time at an hospital). But if there are suddenly lots of critical cases (for example, after an earthquake or other disaster) then the part about deciding who is too injured to survive (and hence a drain of much needed resources) may kick in.
– SJuan76
5 hours ago
|
show 1 more comment
wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
– victor26567
yesterday
Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
– Adonalsium
yesterday
19
Poor lil' Inspiron :(
– Kyle Vassella
yesterday
2
@MartinBonner Then assume by 'doctor' I meant 'battlefield medic'. :)
– Adonalsium
7 hours ago
1
@MartinBonner it depends of the context, usually there is time to provide some assistance to everyone and it is just a matter of avoiding that you do not fail to provide care to the urgent cases because you are dealing with the non-urgent ones (you just will not get 400 hearts attacks at the same time at an hospital). But if there are suddenly lots of critical cases (for example, after an earthquake or other disaster) then the part about deciding who is too injured to survive (and hence a drain of much needed resources) may kick in.
– SJuan76
5 hours ago
wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
– victor26567
yesterday
wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
– victor26567
yesterday
Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
– Adonalsium
yesterday
Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
– Adonalsium
yesterday
19
19
Poor lil' Inspiron :(
– Kyle Vassella
yesterday
Poor lil' Inspiron :(
– Kyle Vassella
yesterday
2
2
@MartinBonner Then assume by 'doctor' I meant 'battlefield medic'. :)
– Adonalsium
7 hours ago
@MartinBonner Then assume by 'doctor' I meant 'battlefield medic'. :)
– Adonalsium
7 hours ago
1
1
@MartinBonner it depends of the context, usually there is time to provide some assistance to everyone and it is just a matter of avoiding that you do not fail to provide care to the urgent cases because you are dealing with the non-urgent ones (you just will not get 400 hearts attacks at the same time at an hospital). But if there are suddenly lots of critical cases (for example, after an earthquake or other disaster) then the part about deciding who is too injured to survive (and hence a drain of much needed resources) may kick in.
– SJuan76
5 hours ago
@MartinBonner it depends of the context, usually there is time to provide some assistance to everyone and it is just a matter of avoiding that you do not fail to provide care to the urgent cases because you are dealing with the non-urgent ones (you just will not get 400 hearts attacks at the same time at an hospital). But if there are suddenly lots of critical cases (for example, after an earthquake or other disaster) then the part about deciding who is too injured to survive (and hence a drain of much needed resources) may kick in.
– SJuan76
5 hours ago
|
show 1 more comment
In addition to Adonalsium's fine answer regarding prioritization, the triage step will include the initial routing of the event to the people best suited to handle it.
A virus or ransomware attack would go to the operations team who would first isolate the computer to minimize collateral damage. A DDoS attack may go to the network team to start sinking the garbage packets. A report of suspicion may get placed in a queue for a generalist to handle later. Evidence of an intrusion may get escalated immediately to the Incident Management team.
edited 7 hours ago
yoozer8
1741211
answered yesterday
John DetersJohn Deters
29k34392
Worth noting that this can also be an ongoing process. Alerts are always numerous, so an initial sift, sort, and send is typically conducted by one person, while the rest of the team deep dives into the issues raised.
– Jozef Woods
18 hours ago
add a comment |
In addition to Adonalsium's fine answer regarding prioritization, the triage step will include the initial routing of the event to the people best suited to handle it.
A virus or ransomware attack would go to the operations team who would first isolate the computer to minimize collateral damage. A DDoS attack may go to the network team to start sinking the garbage packets. A report of suspicion may get placed in a queue for a generalist to handle later. Evidence of an intrusion may get escalated immediately to the Incident Management team.
edited 7 hours ago
yoozer8
1741211
answered yesterday
John DetersJohn Deters
29k34392
Worth noting that this can also be an ongoing process. Alerts are always numerous, so an initial sift, sort, and send is typically conducted by one person, while the rest of the team deep dives into the issues raised.
– Jozef Woods
18 hours ago
add a comment |
In addition to Adonalsium's fine answer regarding prioritization, the triage step will include the initial routing of the event to the people best suited to handle it.
A virus or ransomware attack would go to the operations team who would first isolate the computer to minimize collateral damage. A DDoS attack may go to the network team to start sinking the garbage packets. A report of suspicion may get placed in a queue for a generalist to handle later. Evidence of an intrusion may get escalated immediately to the Incident Management team.
edited 7 hours ago
yoozer8
1741211
answered yesterday
John DetersJohn Deters
29k34392
In addition to Adonalsium's fine answer regarding prioritization, the triage step will include the initial routing of the event to the people best suited to handle it.
A virus or ransomware attack would go to the operations team who would first isolate the computer to minimize collateral damage. A DDoS attack may go to the network team to start sinking the garbage packets. A report of suspicion may get placed in a queue for a generalist to handle later. Evidence of an intrusion may get escalated immediately to the Incident Management team.
edited 7 hours ago
yoozer8
1741211
answered yesterday
John DetersJohn Deters
29k34392
edited 7 hours ago
yoozer8
1741211
edited 7 hours ago
yoozer8
1741211
edited 7 hours ago
yoozer8
1741211
1741211
answered yesterday
John DetersJohn Deters
29k34392
answered yesterday
John DetersJohn Deters
29k34392
answered yesterday
John DetersJohn Deters
29k34392
29k34392
Worth noting that this can also be an ongoing process. Alerts are always numerous, so an initial sift, sort, and send is typically conducted by one person, while the rest of the team deep dives into the issues raised.
– Jozef Woods
18 hours ago
add a comment |
Worth noting that this can also be an ongoing process. Alerts are always numerous, so an initial sift, sort, and send is typically conducted by one person, while the rest of the team deep dives into the issues raised.
– Jozef Woods
18 hours ago
Worth noting that this can also be an ongoing process. Alerts are always numerous, so an initial sift, sort, and send is typically conducted by one person, while the rest of the team deep dives into the issues raised.
– Jozef Woods
18 hours ago
Worth noting that this can also be an ongoing process. Alerts are always numerous, so an initial sift, sort, and send is typically conducted by one person, while the rest of the team deep dives into the issues raised.
– Jozef Woods
18 hours ago
add a comment |
In addition to the other great answers, the term triage is also used in the bugbounty bug report process to mean the process of initially reproducing the issue and assigning a priority to it.
Triage
The process of validating a vulnerability submission from raw submission to a valid, easily digestible report.
Source: https://www.bugcrowd.com/resources/glossary/triage/
Or when talking about various states of a reported bug:
Triaged: A submission that may be valid, but needs to be reviewed again and validated.
Source: https://docs.bugcrowd.com/docs/submission-status
The term is used in similar context by HackerOne as well (though they have less states for a submission so this covers more than the same-name state by BugCrowd):
Triaged - The report is evaluated but hasn't been resolved. It is in the state of being fixed.
Source: https://docs.hackerone.com/hackers/report-states.html
answered 9 hours ago
Torin42Torin42
962
add a comment |
In addition to the other great answers, the term triage is also used in the bugbounty bug report process to mean the process of initially reproducing the issue and assigning a priority to it.
Triage
The process of validating a vulnerability submission from raw submission to a valid, easily digestible report.
Source: https://www.bugcrowd.com/resources/glossary/triage/
Or when talking about various states of a reported bug:
Triaged: A submission that may be valid, but needs to be reviewed again and validated.
Source: https://docs.bugcrowd.com/docs/submission-status
The term is used in similar context by HackerOne as well (though they have less states for a submission so this covers more than the same-name state by BugCrowd):
Triaged - The report is evaluated but hasn't been resolved. It is in the state of being fixed.
Source: https://docs.hackerone.com/hackers/report-states.html
answered 9 hours ago
Torin42Torin42
962
add a comment |
In addition to the other great answers, the term triage is also used in the bugbounty bug report process to mean the process of initially reproducing the issue and assigning a priority to it.
Triage
The process of validating a vulnerability submission from raw submission to a valid, easily digestible report.
Source: https://www.bugcrowd.com/resources/glossary/triage/
Or when talking about various states of a reported bug:
Triaged: A submission that may be valid, but needs to be reviewed again and validated.
Source: https://docs.bugcrowd.com/docs/submission-status
The term is used in similar context by HackerOne as well (though they have less states for a submission so this covers more than the same-name state by BugCrowd):
Triaged - The report is evaluated but hasn't been resolved. It is in the state of being fixed.
Source: https://docs.hackerone.com/hackers/report-states.html
answered 9 hours ago
Torin42Torin42
962
In addition to the other great answers, the term triage is also used in the bugbounty bug report process to mean the process of initially reproducing the issue and assigning a priority to it.
Triage
The process of validating a vulnerability submission from raw submission to a valid, easily digestible report.
Source: https://www.bugcrowd.com/resources/glossary/triage/
Or when talking about various states of a reported bug:
Triaged: A submission that may be valid, but needs to be reviewed again and validated.
Source: https://docs.bugcrowd.com/docs/submission-status
The term is used in similar context by HackerOne as well (though they have less states for a submission so this covers more than the same-name state by BugCrowd):
Triaged - The report is evaluated but hasn't been resolved. It is in the state of being fixed.
Source: https://docs.hackerone.com/hackers/report-states.html
answered 9 hours ago
Torin42Torin42
962
answered 9 hours ago
Torin42Torin42
962
answered 9 hours ago
Torin42Torin42
962
answered 9 hours ago
Torin42Torin42
962
962
add a comment |
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207100%2fwhat-is-the-meaning-of-triage-in-cybersec-world%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
4
It means the same thing, just applied to tech/business issues rather than medical issues.
– Matthew Read
yesterday
2
Not related to cybersec, but the term "triage" can also be used in software development: if a user reports a bug by opening a ticket in the bug tracker, someone must check whether it can be reproduced, what team it should be assigned to, and its severity or priority (that is, how disruptive it is and how urgent it is to fix: is it critical, normal, negligible...?). Some call this process triage. For example, Google uses this term in the Chromium project.
– Fabio Turati
yesterday
1
Just to add the definition: the assignment of degrees of urgency to wounds or illnesses to decide the order of treatment of a large number of patients or casualties. Now replace wound with a computer word and replace patient with server/workstation.
– JPhi1618
21 hours ago
There was an Arabic website for hackers called something like "TrYaG AlArab" but it is shut down about 9 years ago, your question just reminded me with this website. This same word exists in the Arabic language also but it comes with the meaning "medicine"
– AccountantM
19 hours ago