AWS whitepapers documentation change
Summary
Removed entire content covering security incident analysis procedures including alert validation, scoping, and impact assessment
Security assessment
Change deletes security incident response guidance without evidence of fixing a specific vulnerability. The removal eliminates documentation about security processes but doesn't reference any security flaws being addressed.
Diff
diff --git a/whitepapers/latest/aws-security-incident-response-guide/validate-scope-assess-alert-impact.md b/whitepapers/latest/aws-security-incident-response-guide/validate-scope-assess-alert-impact.md index a866f43b1..8b1378917 100644 --- a//whitepapers/latest/aws-security-incident-response-guide/validate-scope-assess-alert-impact.md +++ b//whitepapers/latest/aws-security-incident-response-guide/validate-scope-assess-alert-impact.md @@ -1 +0,0 @@ -[View a markdown version of this page](validate-scope-assess-alert-impact.md) @@ -3,40 +1,0 @@ -[](/pdfs/security-ir/latest/userguide/sir-ug.pdf#validate-scope-assess-alert-impact "Open PDF") - -[Documentation](/index.html)[Security Incident Response](/security-ir/index.html)[](what-is.html) - -# Validate, scope, and assess impact of alert - -During the analysis phase, comprehensive log analysis is performed with the goal to validate alerts, define scope, and assess the impact of the possible compromise. - - * _Validation_ of the alert is the entry point of the analysis phase. Incident responders will be looking for log entries from various sources and directly engaging with owners of the affected workload. - - * _Scoping_ is the next step, when all resources involved are inventoried and alert criticality is adjusted after stakeholders agree that it is unlikely to be a false-positive. - - * Finally,_impact analysis_ details the actual business disruption. - - - - -Once the affected workload components are identified, scoping results can be correlated with the related workload’s recovery point objective (RPO) and recovery time objective (RTO), adjusting for alert criticality, which will initiate resource allocation and all activity happening next. Not all incidents will directly disrupt operations of a workload supporting a business process. Incidents such as sensitive data disclosure, intellectual property theft, or resource hijacking (as in cryptocurrency mining) might not stop or debilitate a business process immediately, but can result in consequences at a later time. - - **Javascript is disabled or is unavailable in your browser.** - -To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions. - -[Document Conventions](/general/latest/gr/docconventions.html) - -Analysis - -Enrich security logs and findings - -Did this page help you? - Yes - -Thanks for letting us know we're doing a good job! - -If you've got a moment, please tell us what we did right so we can do more of it. - -Did this page help you? - No - -Thanks for letting us know this page needs work. We're sorry we let you down. - -If you've got a moment, please tell us how we can make the documentation better.