AWS whitepapers documentation change
Summary
Removed detailed containment strategies including NIST criteria and AWS-specific containment categories
Security assessment
Elimination of technical containment guidance doesn't demonstrate resolution of a security vulnerability. The removed content was security documentation, but its deletion shows no evidence of patching a security flaw or incident response.
Diff
diff --git a/whitepapers/latest/aws-security-incident-response-guide/containment.md b/whitepapers/latest/aws-security-incident-response-guide/containment.md index f6a61d9fd..8b1378917 100644 --- a//whitepapers/latest/aws-security-incident-response-guide/containment.md +++ b//whitepapers/latest/aws-security-incident-response-guide/containment.md @@ -1 +0,0 @@ -[View a markdown version of this page](containment.md) @@ -3,57 +1,0 @@ -[](/pdfs/security-ir/latest/userguide/sir-ug.pdf#containment "Open PDF") - -[Documentation](/index.html)[Security Incident Response](/security-ir/index.html)[](what-is.html) - -# Containment - -One definition of containment, as it relates to incident response, is the process or implementation of a strategy during the handling of a security event that acts to minimize the scope of the security event and contain the effects of unauthorized usage within the environment. - -A containment strategy depends on a myriad of factors and can be different from one organization to another in terms of application of containment tactics, timing, and purpose. The [NIST SP 800-61 Computer Security Incident Handling Guide](https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final) outlines several criteria for determining the appropriate containment strategy, which includes: - - * Potential damage to and theft of resources - - * Need for evidence preservation - - * Service availability (network connectivity, services provided to external parties) - - * Time and resources needed to implement the strategy - - * Effectiveness of the strategy (partial or full containment) - - * Duration of the solution (emergency workaround to be removed in four hours, temporary workaround to be removed in two weeks, permanent solution) - - - - -Regarding services on AWS, however, the fundamental containment steps can be distilled down to three categories: - - * **Source containment** – Use filtering and routing to prevent access from a certain source. - - * **Technique and access containment** – Remove access to prevent unauthorized access to the affected resources. - - * **Destination containment** – Use filtering and routing to prevent access to a target resource. - - - - - **Javascript is disabled or is unavailable in your browser.** - -To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions. - -[Document Conventions](/general/latest/gr/docconventions.html) - -Develop narratives - -Source containment - -Did this page help you? - Yes - -Thanks for letting us know we're doing a good job! - -If you've got a moment, please tell us what we did right so we can do more of it. - -Did this page help you? - No - -Thanks for letting us know this page needs work. We're sorry we let you down. - -If you've got a moment, please tell us how we can make the documentation better.